[Openpacket-devel] Might want to fix a couple things
Brought to you by:
crazy_j,
taosecurity
Menu
▾
▴
[Openpacket-devel] Might want to fix a couple things
|
From: Joel E. <joe...@so...> - 2006-09-25 13:12:11
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Your addr obfuscation routine seems to be borked. J KeyError at /uploadfile/ 0 Request Method: POST Request URL: http://openpacket.dyndns.org:8000/uploadfile/ Exception Type: KeyError Exception Value: 0 Exception Location: C:\Documents and Settings\Roach\My Documents\workspace\openpacket\..\openpacket\_extensions\pcapParser.py in obfuscateIPaddr, line 60 Traceback (innermost last) Switch to copy-and-paste view C:\Python24\lib\site-packages\django\core\handlers\base.py in get_response response = callback(request, *callback_args, **callback_kwargs) ... ? Local vars C:\Documents and Settings\Roach\My Documents\workspace\openpacket\pcapfiles\views.py in uploadPcapFile obfuscateIPaddr(new_pcapfile.filepath) ... ? Local vars C:\Documents and Settings\Roach\My Documents\workspace\openpacket\..\openpacket\_extensions\pcapParser.py in obfuscateIPaddr dstip3 = randomnum[dstip3] ... ? Local vars Request information GET No GET data POST Variable Value category 'malicious' description 'Sadmind with root credentials' obfuscateIP 'on' COOKIES Variable Value sessionid '9f1305deca45f0218684874e8de2dbee' META Variable Value ALLUSERSPROFILE 'C:\\Documents and Settings\\All Users' APPDATA 'C:\\Documents and Settings\\Roach\\Application Data' APR_ICONV_PATH 'C:\\Program Files\\Subversion\\iconv' BITROCK '1' CLASSPATH '.;C:\\Program Files\\Java\\j2re1.4.2_12\\lib\\ext\\QTJava.zip' COMMONPROGRAMFILES 'C:\\Program Files\\Common Files' COMPUTERNAME 'ROACH4-LAPTOP' COMSPEC 'C:\\WINDOWS\\system32\\cmd.exe' CONTENT_LENGTH '4337' CONTENT_TYPE 'multipart/form-data; boundary=----------0xKhTmLbOuNdArY' DJANGO_SETTINGS_MODULE 'openpacket.settings' GATEWAY_INTERFACE 'CGI/1.1' HOMEDRIVE 'C:' HOMEPATH '\\Documents and Settings\\Roach' HTTP_ACCEPT '*/*' HTTP_ACCEPT_ENCODING 'gzip, deflate' HTTP_ACCEPT_LANGUAGE 'en' HTTP_CONNECTION 'keep-alive' HTTP_COOKIE 'sessionid=9f1305deca45f0218684874e8de2dbee' HTTP_HOST 'openpacket.dyndns.org:8000' HTTP_REFERER 'http://openpacket.dyndns.org:8000/uploadfile/' HTTP_USER_AGENT 'Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/418.8 (KHTML, like Gecko) Safari/419.3' LOGONSERVER '\\\\ROACH4-LAPTOP' NUMBER_OF_PROCESSORS '1' OS 'Windows_NT' PATH 'C:\\WINDOWS\\system32;C:\\WINDOWS;C:\\WINDOWS\\System32\\Wbem;C:\\Program Files\\SecureCRT\\;C:\\Program Files\\Subversion\\bin;C:\\Python24;C:\\Program Files\\QuickTime\\QTSystem\\' PATHEXT '.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH' PATH_INFO '/uploadfile/' PROCESSOR_ARCHITECTURE 'x86' PROCESSOR_IDENTIFIER 'x86 Family 6 Model 11 Stepping 4, GenuineIntel' PROCESSOR_LEVEL '6' PROCESSOR_REVISION '0b04' PROGRAMFILES 'C:\\Program Files' PROMPT '$P$G' QTJAVA 'C:\\Program Files\\Java\\j2re1.4.2_12\\lib\\ext\\QTJava.zip' QUERY_STRING '' REMOTE_ADDR '24.214.132.43' REMOTE_HOST 'user-24-214-132-43.knology.net' REQUEST_METHOD 'POST' RUN_MAIN 'true' SCRIPT_NAME '' SERVER_NAME 'roach4-laptop.no-domain-set.bellcanada' SERVER_PORT '8000' SERVER_PROTOCOL 'HTTP/1.1' SERVER_SOFTWARE 'WSGIServer/0.1 Python/2.4.3' SESSIONNAME 'Console' SYSTEMDRIVE 'C:' SYSTEMROOT 'C:\\WINDOWS' TEMP 'C:\\DOCUME~1\\Roach\\LOCALS~1\\Temp' TMP 'C:\\DOCUME~1\\Roach\\LOCALS~1\\Temp' TZ 'America/Montreal' USERDOMAIN 'ROACH4-LAPTOP' USERNAME 'Roach' USERPROFILE 'C:\\Documents and Settings\\Roach' WINDIR 'C:\\WINDOWS' wsgi.errors <open file '<stderr>', mode 'w' at 0x0095E0B0> wsgi.file_wrapper <class 'django.core.servers.basehttp.FileWrapper'> wsgi.input <socket._fileobject object at 0x013DBF48> wsgi.multiprocess False wsgi.multithread True wsgi.run_once False wsgi.url_scheme 'http' wsgi.version (1, 0) Settings Using settings module openpacket.settings Setting Value ABSOLUTE_URL_OVERRIDES {} ADMINS () ADMIN_FOR () ADMIN_MEDIA_PREFIX '/adminmedia/' ALLOWED_INCLUDE_ROOTS () APPEND_SLASH True AUTHENTICATION_BACKENDS ('django.contrib.auth.backends.ModelBackend',) BANNED_IPS () CACHE_BACKEND 'simple://' CACHE_MIDDLEWARE_KEY_PREFIX '' COMMENTS_ALLOW_PROFANITIES False COMMENTS_BANNED_USERS_GROUP None COMMENTS_FIRST_FEW 0 COMMENTS_MODERATORS_GROUP None COMMENTS_SKETCHY_USERS_GROUP None DATABASE_ENGINE 'sqlite3' DATABASE_HOST '' DATABASE_NAME '_db\\OP.db' DATABASE_PASSWORD '********************' DATABASE_PORT '' DATABASE_USER '' DATETIME_FORMAT 'N j, Y, P' DATE_FORMAT 'N j, Y' DEBUG True DEFAULT_CHARSET 'utf-8' DEFAULT_CONTENT_TYPE 'text/html' DEFAULT_FROM_EMAIL 'webmaster@localhost' DISALLOWED_USER_AGENTS () EMAIL_HOST 'localhost' EMAIL_HOST_PASSWORD '********************' EMAIL_HOST_USER '' EMAIL_PORT 25 EMAIL_SUBJECT_PREFIX '[Django] ' ENABLE_PSYCO False IGNORABLE_404_ENDS ('mail.pl', 'mailform.pl', 'mail.cgi', 'mailform.cgi', 'favicon.ico', '.php') IGNORABLE_404_STARTS ('/cgi-bin/', '/_vti_bin', '/_vti_inf') INSTALLED_APPS ['django.contrib.auth', 'django.contrib.contenttypes', 'django.contrib.sessions', 'django.contrib.sites', 'django.contrib.admin', 'openpacket.comments', 'openpacket.pcapfiles', 'openpacket.users', 'openpacket.navigation'] INTERNAL_IPS () JING_PATH '/usr/bin/jing' LANGUAGES (('ar', 'Arabic'), ('bn', 'Bengali'), ('cs', 'Czech'), ('cy', 'Welsh'), ('da', 'Danish'), ('de', 'German'), ('el', 'Greek'), ('en', 'English'), ('es', 'Spanish'), ('es_AR', 'Argentinean Spanish'), ('fr', 'French'), ('gl', 'Galician'), ('hu', 'Hungarian'), ('he', 'Hebrew'), ('is', 'Icelandic'), ('it', 'Italian'), ('ja', 'Japanese'), ('nl', 'Dutch'), ('no', 'Norwegian'), ('pt-br', 'Brazilian'), ('ro', 'Romanian'), ('ru', 'Russian'), ('sk', 'Slovak'), ('sl', 'Slovenian'), ('sr', 'Serbian'), ('sv', 'Swedish'), ('uk', 'Ukrainian'), ('zh-cn', 'Simplified Chinese'), ('zh-tw', 'Traditional Chinese')) LANGUAGES_BIDI ('he', 'ar') LANGUAGE_CODE 'en-us' MANAGERS () MEDIA_ROOT '_media' MEDIA_URL 'http://127.0.0.1:8000/media' MIDDLEWARE_CLASSES ('django.middleware.common.CommonMiddleware', 'django.contrib.sessions.middleware.SessionMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware', 'django.middleware.doc.XViewMiddleware') MONTH_DAY_FORMAT 'F j' PREPEND_WWW False ROOT_URLCONF 'openpacket.urls' SECRET_KEY '********************' SEND_BROKEN_LINK_EMAILS False SERVER_EMAIL 'root@localhost' SESSION_COOKIE_AGE 1209600 SESSION_COOKIE_DOMAIN None SESSION_COOKIE_NAME 'sessionid' SESSION_EXPIRE_AT_BROWSER_CLOSE False SESSION_SAVE_EVERY_REQUEST False SETTINGS_MODULE 'openpacket.settings' SITE_ID 1 TEMPLATE_CONTEXT_PROCESSORS ('django.core.context_processors.auth', 'django.core.context_processors.debug', 'django.core.context_processors.i18n') TEMPLATE_DEBUG True TEMPLATE_DIRS ('_templates',) TEMPLATE_LOADERS ('django.template.loaders.filesystem.load_template_source', 'django.template.loaders.app_directories.load_template_source') TEMPLATE_STRING_IF_INVALID '' TIME_FORMAT 'P' TIME_ZONE 'America/Montreal' TRANSACTIONS_MANAGED False USE_ETAGS False USE_I18N True YEAR_MONTH_FORMAT 'F Y' You're seeing this error because you have DEBUG = True in your Django settings file. Change that to False, and Django will display a standard 500 page. - -- +---------------------------------------------------------------------+ Joel Esler Senior Security Consultant 1-706-627-2101 Sourcefire Security for the /Real/ World -- http://www.sourcefire.com Snort - Open Source Network IPS/IDS -- http://www.snort.org GPG Key http://demo.sourcefire.com/jesler.pgp.key AIM: eslerjoel Gtalk: eslerj Yahoo: eslerjoel +---------------------------------------------------------------------+ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (Darwin) iD8DBQFFF9WeKbCSyXHckt4RAifyAJ9I2V/P3NVKF+GzUTysy1CXzxR5vQCeLCwo OksHF3U08JHoLXHmQ5Cm90Q= =C12B -----END PGP SIGNATURE----- |
