OWTF-DV-004 semi passive no output #404

Closed
marioskourtesis opened this Issue Apr 5, 2015 · 5 comments


marioskourtesis commented Apr 5, 2015

Executing the semi_passive/OWTF-DV-004 plug-in returns no output and logs the following error in the /tmp/owtf/ui_server.log:

[E 150404 21:09:47 web:1407] Uncaught exception POST /api/worklist/ (127.0.0.1)
HTTPServerRequest(protocol='http', host='127.0.0.1:8009', method='POST', uri='/api/worklist/', version='HTTP/1.1', remote_ip='127.0.0.1', headers={'Content-Length': '70', 'Accept-Language': 'en-US,en;q=0.5', 'Accept-Encoding': 'gzip, deflate', 'Host': '127.0.0.1:8009', 'Accept': '*/*', 'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0 Iceweasel/31.6.0', 'Connection': 'keep-alive', 'X-Requested-With': 'XMLHttpRequest', 'Pragma': 'no-cache', 'Cache-Control': 'no-cache', 'Referer': 'http://127.0.0.1:8009/ui/targets/5', 'Content-Type': 'application/x-www-form-urlencoded; charset=UTF-8'})
Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/tornado/web.py", line 1332, in _execute
    result = method(*self.path_args, **self.path_kwargs)
  File "/root/owtf/framework/interface/api_handlers.py", line 608, in post
    self.get_argument("force_overwrite", "False"))
  File "/root/owtf/framework/db/worklist_manager.py", line 165, in add_work
    "plugin_key": plugin["key"]
  File "/root/owtf/framework/db/target_manager.py", line 57, in wrapped_function
    return func(*args, **kwargs)
  File "/root/owtf/framework/db/poutput_manager.py", line 177, in DeleteAll
    results = query.delete()
  File "/usr/local/lib/python2.7/dist-packages/sqlalchemy/orm/query.py", line 2670, in delete
    delete_op.exec_()
  File "/usr/local/lib/python2.7/dist-packages/sqlalchemy/orm/persistence.py", line 896, in exec_
    self._do_pre_synchronize()
  File "/usr/local/lib/python2.7/dist-packages/sqlalchemy/orm/persistence.py", line 958, in _do_pre_synchronize
    eval_condition(obj)]
  File "/usr/local/lib/python2.7/dist-packages/sqlalchemy/orm/evaluator.py", line 90, in evaluate
    value = sub_evaluate(obj)
  File "/usr/local/lib/python2.7/dist-packages/sqlalchemy/orm/evaluator.py", line 115, in evaluate
    left_val = eval_left(obj)
  File "/usr/local/lib/python2.7/dist-packages/sqlalchemy/orm/evaluator.py", line 72, in <lambda>
    return lambda obj: get_corresponding_attr(obj)
  File "/usr/local/lib/python2.7/dist-packages/sqlalchemy/orm/attributes.py", line 239, in __get__
    return self.impl.get(instance_state(instance), dict_)
  File "/usr/local/lib/python2.7/dist-packages/sqlalchemy/orm/attributes.py", line 589, in get
    value = callable_(state, passive)
  File "/usr/local/lib/python2.7/dist-packages/sqlalchemy/orm/state.py", line 424, in __call__
    self.manager.deferred_scalar_loader(self, toload)
  File "/usr/local/lib/python2.7/dist-packages/sqlalchemy/orm/loading.py", line 614, in load_scalar_attributes
    raise orm_exc.ObjectDeletedError(state)
ObjectDeletedError: Instance '<PluginOutput at 0x42fe550>' has been deleted, or its row is otherwise not present.
[E 150404 21:09:47 web:1811] 500 POST /api/worklist/ (127.0.0.1) 34.73ms
[E 150404 21:09:49 web:1407] Uncaught exception POST /api/worklist/ (127.0.0.1)
HTTPServerRequest(protocol='http', host='127.0.0.1:8009', method='POST', uri='/api/worklist/', version='HTTP/1.1', remote_ip='127.0.0.1', headers={'Content-Length': '70', 'Accept-Language': 'en-US,en;q=0.5', 'Accept-Encoding': 'gzip, deflate', 'Host': '127.0.0.1:8009', 'Accept': '*/*', 'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0 Iceweasel/31.6.0', 'Connection': 'keep-alive', 'X-Requested-With': 'XMLHttpRequest', 'Pragma': 'no-cache', 'Cache-Control': 'no-cache', 'Referer': 'http://127.0.0.1:8009/ui/targets/5', 'Content-Type': 'application/x-www-form-urlencoded; charset=UTF-8'})
Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/tornado/web.py", line 1332, in _execute
    result = method(*self.path_args, **self.path_kwargs)
  File "/root/owtf/framework/interface/api_handlers.py", line 608, in post
    self.get_argument("force_overwrite", "False"))
  File "/root/owtf/framework/db/worklist_manager.py", line 165, in add_work
    "plugin_key": plugin["key"]
  File "/root/owtf/framework/db/target_manager.py", line 57, in wrapped_function
    return func(*args, **kwargs)
  File "/root/owtf/framework/db/poutput_manager.py", line 177, in DeleteAll
    results = query.delete()
  File "/usr/local/lib/python2.7/dist-packages/sqlalchemy/orm/query.py", line 2670, in delete
    delete_op.exec_()
  File "/usr/local/lib/python2.7/dist-packages/sqlalchemy/orm/persistence.py", line 896, in exec_
    self._do_pre_synchronize()
  File "/usr/local/lib/python2.7/dist-packages/sqlalchemy/orm/persistence.py", line 958, in _do_pre_synchronize
    eval_condition(obj)]
  File "/usr/local/lib/python2.7/dist-packages/sqlalchemy/orm/evaluator.py", line 90, in evaluate
    value = sub_evaluate(obj)
  File "/usr/local/lib/python2.7/dist-packages/sqlalchemy/orm/evaluator.py", line 115, in evaluate
    left_val = eval_left(obj)
  File "/usr/local/lib/python2.7/dist-packages/sqlalchemy/orm/evaluator.py", line 72, in <lambda>
    return lambda obj: get_corresponding_attr(obj)
  File "/usr/local/lib/python2.7/dist-packages/sqlalchemy/orm/attributes.py", line 239, in __get__
    return self.impl.get(instance_state(instance), dict_)
  File "/usr/local/lib/python2.7/dist-packages/sqlalchemy/orm/attributes.py", line 589, in get
    value = callable_(state, passive)
  File "/usr/local/lib/python2.7/dist-packages/sqlalchemy/orm/state.py", line 424, in __call__
    self.manager.deferred_scalar_loader(self, toload)
  File "/usr/local/lib/python2.7/dist-packages/sqlalchemy/orm/loading.py", line 614, in load_scalar_attributes
    raise orm_exc.ObjectDeletedError(state)
ObjectDeletedError: Instance '<PluginOutput at 0x42fe550>' has been deleted, or its row is otherwise not present.
[E 150404 21:09:49 web:1811] 500 POST /api/worklist/ (127.0.0.1) 26.62ms

@marioskourtesis marioskourtesis added the Bug label Apr 5, 2015

tunnelshade commented Apr 5, 2015

The traceback is different from the title of this bug. The empty output is because the call to Requester.GetTransactions in this plugin is not happening. Might be a problem of service locator.

DePierre commented Apr 16, 2015

@marioskourtesis Hi, I am trying to reproduce the bug but I never have that 500 error in the logs. Would you have the steps/details in order to reach that bug?

marioskourtesis commented Apr 16, 2015

@tao, Hi
Try to run the "OWTF-IG-001 Spiders, Robots, and Crawlers robots.txt
Analysis" semipassive plugin.

On Thu, Apr 16, 2015 at 10:51 AM, Tao Sauvage notifications@github.com
wrote:

@marioskourtesis https://github.com/marioskourtesis Hi, I am trying to
reproduce the bug but I never have that 500 error in the logs. Would you
have the steps/details in order to reach that bug?



DePierre commented Apr 16, 2015

But isn't OWTF-DV-004 the plugin Testing for Cross site flashing? Anyway, I ran OWTF-IG-001 as well and did not have any error.

I will try to run all semi-passive plugins against https://www.owasp.org/index.php/OWASP_Vulnerable_Web_Applications_Directory_Project like @7a suggested and see what I can find.

@viyatb viyatb added this to the OWTF Quality Release milestone Jan 30, 2016

@viyatb viyatb self-assigned this Jan 30, 2016

viyatb commented Feb 13, 2016

I ran the test @DePierre suggested above and there were no errors. Closing because I cannot reproduce it. I can provide the logs @marioskourtesis if you want :)

@viyatb viyatb closed this Feb 13, 2016
