'''
errorPages.py
Copyright 2006 Andres Riancho
This file is part of w3af, w3af.sourceforge.net .
w3af is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation version 2 of the License.
w3af is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with w3af; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
'''
import core.controllers.outputManager as om
# options
from core.data.options.option import option
from core.data.options.optionList import optionList
from core.controllers.basePlugin.baseGrepPlugin import baseGrepPlugin
import core.data.kb.knowledgeBase as kb
import core.data.kb.info as info
import re
class errorPages(baseGrepPlugin):
'''
Grep every page for error pages.
@author: Andres Riancho ( andres.riancho@gmail.com )
'''
def __init__(self):
baseGrepPlugin.__init__(self)
self._already_reported_versions = []
self._compiled_regex = []
def _get_error_strings( self ):
'''
@return: A list of strings that are present in different error pages.
'''
mesg = []
mesg.append('
Error page exception
')
# This signature fires up also in default 404 pages of aspx which generates
# a lot of noise, so ... disabling it
#mesg.append('
Server Error in ')
mesg.append('
Runtime Error
')
mesg.append('
Access is denied
')
mesg.append('
Original Exception:
')
mesg.append('Server object error')
mesg.append('invalid literal for int()')
mesg.append('exceptions.ValueError')
mesg.append('Type mismatch: ')
mesg.append('[an error occurred while processing this directive]')
error_msg = 'Error Occurred While Processing Request'
error_msg += '
Error Occurred While Processing Request
'
mesg.append(error_msg)
# VBScript
mesg.append('
Microsoft VBScript runtime
')
mesg.append("error '800a000d'")
# nwwcgi errors
mesg.append('nwwcgi Error')
# ASP error I found during a pentest, the ASP used a foxpro db, not a SQL injection
mesg.append('<font face="Arial" size=2>error \'800a0005\'</font>')
mesg.append('<h2> <i>Runtime Error</i> </h2></span>')
# Some error in ASP when using COM objects.
mesg.append('Operation is not allowed when the object is closed.')
# An error when ASP tries to include something and it fails
mesg.append('<p>Active Server Pages</font> <font face="Arial" size=2>error \'ASP 0126\'</font>')
# ASPX
msg = '<b> Description: </b>An unhandled exception occurred during the execution of the'
msg += ' current web request'
mesg.append( msg )
# Struts
mesg.append('] does not contain handler parameter named')
# PHP
mesg.append('<b>Warning</b>: ')
mesg.append('No row with the given identifier')
mesg.append('open_basedir restriction in effect')
mesg.append("eval()'d code</b> on line <b>")
mesg.append("Cannot execute a blank command in")
mesg.append("Fatal error</b>: preg_replace")
mesg.append("thrown in <b>")
mesg.append("#0 {main}")
mesg.append("Stack trace:")
mesg.append("</b> on line <b>")
# python
mesg.append("PythonHandler django.core.handlers.modpython")
mesg.append("t = loader.get_template(template_name) # You need to create a 404.html template.")
mesg.append('<h2>Traceback <span>(innermost last)</span></h2>')
# Java
mesg.append('[java.lang.')
mesg.append('class java.lang.')
mesg.append('java.lang.NullPointerException')
mesg.append('java.rmi.ServerException')
mesg.append('onclick="toggle(\'full exception chain stacktrace\')"')
mesg.append('at org.apache.catalina')
mesg.append('at org.apache.coyote.')
mesg.append('at org.apache.tomcat.')
mesg.append('at org.apache.jasper.')
# ruby
mesg.append('<h1 class="error_title">Ruby on Rails application could not be started</h1>')
# Coldfusion
mesg.append('<title>Error Occurred While Processing Request')
mesg.append('Error Occurred While Processing Request