Today I tried to build an HTML form which gets processed by PHP. After that, PHP executes a command.
$output = shell_exec("python /w3af/trunk/w3af_console -n -s w3af_conf.w3af");
echo $output;
What I get on the webpage is this:
You configured the target ip : http://google.com
Gestart...Config aangemaakt...Script uitgevoerd...w3af>>> termios error: (25, 'Inappropriate ioctl for device')
plugins
termios error: (25, 'Inappropriate ioctl for device')
w3af/plugins>>> output console
termios error: (25, 'Inappropriate ioctl for device')
w3af/plugins>>> output
|----------------------------------------------------------------------------|
| Plugin name     | Status  | Conf | Description                             |
|----------------------------------------------------------------------------|
| console         | Enabled | Yes  | Print messages to the console.          |
| csv_file        |         | Yes  | Export identified vulnerabilities to a  |
|                 |         |      | CSV file.                               |
| emailReport     |         | Yes  | Email report to specified addresses.    |
| export_requests |         | Yes  | Export the fuzzable requests found      |
|                 |         |      | during discovery to a file.             |
| gtkOutput       |         |      | Saves messages to                       |
|                 |         |      | kb.kb.getData('gtkOutput', 'queue') to  |
|                 |         |      | be displayed in the UI.                 |
| htmlFile        |         | Yes  | Print all messages to a HTML file.      |
| textFile        |         | Yes  | Prints all messages to a text file.     |
| xmlFile         |         | Yes  | Print all messages to a xml file.       |
|----------------------------------------------------------------------------|
termios error: (25, 'Inappropriate ioctl for device')
w3af/plugins>>> audit xsrf
termios error: (25, 'Inappropriate ioctl for device')
w3af/plugins>>> back
termios error: (25, 'Inappropriate ioctl for device')
w3af>>> target
termios error: (25, 'Inappropriate ioctl for device')
w3af/config:target>>> set target http://hsleiden.nl
termios error: (25, 'Inappropriate ioctl for device')
w3af/config:target>>> back
termios error: (25, 'Inappropriate ioctl for device')
w3af>>> start
Auto-enabling plugin: grep.collectCookies
Found 1 URLs and 1 different points of injection.
The list of URLs is:
- http://hsleiden.nl
The list of fuzzable requests is:
- http://hsleiden.nl | Method: GET
Scan finished in 9 seconds.
termios error: (25, 'Inappropriate ioctl for device')
w3af>>> ord() expected a character, but string of length 0 found
ord() expected a character, but string of length 0 found
ord() expected a character, but string of length 0 found
(...)
Is there any workaround for this problem? I would like to start w3af from a form with a predefined config file.
Some extra details:
php --version
PHP 5.3.10-1ubuntu3.4 with Suhosin-Patch (cli) (built: Sep 12 2012 18:59:41)
Copyright (c) 1997-2012 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2012 Zend Technologies
python /w3af/trunk/w3af_console --version
w3af - Web Application Attack and Audit Framework
Version: 1.2
Revision: 6024
Author: Andres Riancho and the w3af team.
uname -a
Linux vbox-ubuntu-testmachine 3.2.0-23-generic #36-Ubuntu SMP Tue Apr 10 20:39:51 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux
learnphp1.php (on my webserver)