Running a test scan, I hit this error; it may be connected to the one you are already debugging.
```
[2017-03-08 12:18:03 +0000] Error in Arachni::Checks::Xxe: undefined method `transform_xml' for #<Arachni::Element::Cookie:0x00000003907240>
[2017-03-08 12:18:03 +0000] Page: http://testphp.vulnweb.com/AJAX/showxml.php
[2017-03-08 12:18:03 +0000] /home/brian/arachni-1.5-0.5.11/system/gems/gems/arachni-1.5/lib/arachni/element/cookie.rb:163:in `method_missing'
[2017-03-08 12:18:03 +0000] /home/brian/arachni-1.5-0.5.11/system/gems/gems/arachni-1.5/components/checks/active/xxe.rb:23:in `block (3 levels) in options'
[2017-03-08 12:18:03 +0000] /home/brian/arachni-1.5-0.5.11/system/gems/gems/arachni-1.5/components/checks/active/xxe.rb:20:in `map'
[2017-03-08 12:18:03 +0000] /home/brian/arachni-1.5-0.5.11/system/gems/gems/arachni-1.5/components/checks/active/xxe.rb:20:in `block (2 levels) in options'
[2017-03-08 12:18:03 +0000] /home/brian/arachni-1.5-0.5.11/system/gems/gems/arachni-1.5/components/checks/active/xxe.rb:19:in `each'
[2017-03-08 12:18:03 +0000] /home/brian/arachni-1.5-0.5.11/system/gems/gems/arachni-1.5/components/checks/active/xxe.rb:19:in `map'
[2017-03-08 12:18:03 +0000] /home/brian/arachni-1.5-0.5.11/system/gems/gems/arachni-1.5/components/checks/active/xxe.rb:19:in `block in options'
[2017-03-08 12:18:03 +0000] /home/brian/arachni-1.5-0.5.11/system/gems/gems/arachni-1.5/lib/arachni/element/capabilities/auditable.rb:362:in `call'
[2017-03-08 12:18:03 +0000] /home/brian/arachni-1.5-0.5.11/system/gems/gems/arachni-1.5/lib/arachni/element/capabilities/auditable.rb:362:in `block in audit_single'
[2017-03-08 12:18:03 +0000] /home/brian/arachni-1.5-0.5.11/system/gems/gems/arachni-1.5/lib/arachni/element/cookie/capabilities/mutable.rb:37:in `block in each_mutation'
[2017-03-08 12:18:03 +0000] /home/brian/arachni-1.5-0.5.11/system/gems/gems/arachni-1.5/lib/arachni/element/capabilities/mutable.rb:425:in `yield_if_unique'
[2017-03-08 12:18:03 +0000] /home/brian/arachni-1.5-0.5.11/system/gems/gems/arachni-1.5/lib/arachni/element/capabilities/mutable.rb:415:in `create_and_yield_if_unique'
[2017-03-08 12:18:03 +0000] /home/brian/arachni-1.5-0.5.11/system/gems/gems/arachni-1.5/lib/arachni/element/capabilities/mutable.rb:194:in `block (2 levels) in each_mutation'
[2017-03-08 12:18:03 +0000] /home/brian/arachni-1.5-0.5.11/system/gems/gems/arachni-1.5/lib/arachni/element/capabilities/mutable.rb:430:in `block in each_formatted_payload'
[2017-03-08 12:18:03 +0000] /home/brian/arachni-1.5-0.5.11/system/gems/gems/arachni-1.5/lib/arachni/element/capabilities/mutable.rb:429:in `each'
[2017-03-08 12:18:03 +0000] /home/brian/arachni-1.5-0.5.11/system/gems/gems/arachni-1.5/lib/arachni/element/capabilities/mutable.rb:429:in `each_formatted_payload'
[2017-03-08 12:18:03 +0000] /home/brian/arachni-1.5-0.5.11/system/gems/gems/arachni-1.5/lib/arachni/element/capabilities/mutable.rb:190:in `block in each_mutation'
[2017-03-08 12:18:03 +0000] /home/brian/arachni-1.5-0.5.11/system/gems/gems/arachni-1.5/lib/arachni/element/capabilities/mutable.rb:183:in `each'
[2017-03-08 12:18:03 +0000] /home/brian/arachni-1.5-0.5.11/system/gems/gems/arachni-1.5/lib/arachni/element/capabilities/mutable.rb:183:in `each_mutation'
[2017-03-08 12:18:03 +0000] /home/brian/arachni-1.5-0.5.11/system/gems/gems/arachni-1.5/lib/arachni/element/cookie/capabilities/mutable.rb:36:in `each_mutation'
[2017-03-08 12:18:03 +0000] /home/brian/arachni-1.5-0.5.11/system/gems/gems/arachni-1.5/lib/arachni/element/capabilities/auditable.rb:318:in `audit_single'
[2017-03-08 12:18:03 +0000] /home/brian/arachni-1.5-0.5.11/system/gems/gems/arachni-1.5/lib/arachni/element/capabilities/auditable.rb:121:in `audit'
[2017-03-08 12:18:03 +0000] /home/brian/arachni-1.5-0.5.11/system/gems/gems/arachni-1.5/lib/arachni/element/capabilities/analyzable/signature.rb:135:in `signature_analysis'
[2017-03-08 12:18:03 +0000] /home/brian/arachni-1.5-0.5.11/system/gems/gems/arachni-1.5/lib/arachni/check/auditor.rb:632:in `block in audit_signature'
[2017-03-08 12:18:03 +0000] /home/brian/arachni-1.5-0.5.11/system/gems/gems/arachni-1.5/lib/arachni/check/auditor.rb:711:in `call'
[2017-03-08 12:18:03 +0000] /home/brian/arachni-1.5-0.5.11/system/gems/gems/arachni-1.5/lib/arachni/check/auditor.rb:711:in `block in prepare_each_element'
[2017-03-08 12:18:03 +0000] /home/brian/arachni-1.5-0.5.11/system/gems/gems/arachni-1.5/lib/arachni/check/auditor.rb:706:in `each'
[2017-03-08 12:18:03 +0000] /home/brian/arachni-1.5-0.5.11/system/gems/gems/arachni-1.5/lib/arachni/check/auditor.rb:706:in `prepare_each_element'
[2017-03-08 12:18:03 +0000] /home/brian/arachni-1.5-0.5.11/system/gems/gems/arachni-1.5/lib/arachni/check/auditor.rb:519:in `block in each_candidate_element'
[2017-03-08 12:18:03 +0000] /home/brian/arachni-1.5-0.5.11/system/gems/gems/arachni-1.5/lib/arachni/check/auditor.rb:506:in `each'
[2017-03-08 12:18:03 +0000] /home/brian/arachni-1.5-0.5.11/system/gems/gems/arachni-1.5/lib/arachni/check/auditor.rb:506:in `each_candidate_element'
[2017-03-08 12:18:03 +0000] /home/brian/arachni-1.5-0.5.11/system/gems/gems/arachni-1.5/lib/arachni/check/auditor.rb:631:in `audit_signature'
[2017-03-08 12:18:03 +0000] /home/brian/arachni-1.5-0.5.11/system/gems/gems/arachni-1.5/lib/arachni/check/auditor.rb:598:in `audit'
[2017-03-08 12:18:03 +0000] /home/brian/arachni-1.5-0.5.11/system/gems/gems/arachni-1.5/components/checks/active/xxe.rb:53:in `run'
[2017-03-08 12:18:03 +0000] /home/brian/arachni-1.5-0.5.11/system/gems/gems/arachni-1.5/lib/arachni/check/manager.rb:128:in `run_one'
[2017-03-08 12:18:03 +0000] /home/brian/arachni-1.5-0.5.11/system/gems/gems/arachni-1.5/lib/arachni/framework/parts/check.rb:80:in `check_page'
[2017-03-08 12:18:03 +0000] /home/brian/arachni-1.5-0.5.11/system/gems/gems/arachni-1.5/lib/arachni/framework/parts/check.rb:57:in `block in run_checks'
[2017-03-08 12:18:03 +0000] /home/brian/arachni-1.5-0.5.11/system/gems/gems/arachni-1.5/lib/arachni/framework/parts/check.rb:56:in `each'
[2017-03-08 12:18:03 +0000] /home/brian/arachni-1.5-0.5.11/system/gems/gems/arachni-1.5/lib/arachni/framework/parts/check.rb:56:in `run_checks'
[2017-03-08 12:18:03 +0000] /home/brian/arachni-1.5-0.5.11/system/gems/gems/arachni-1.5/lib/arachni/framework/parts/audit.rb:138:in `audit_page'
[2017-03-08 12:18:03 +0000] /home/brian/arachni-1.5-0.5.11/system/gems/gems/arachni-1.5/lib/arachni/framework/parts/audit.rb:228:in `audit_queues'
[2017-03-08 12:18:03 +0000] /home/brian/arachni-1.5-0.5.11/system/gems/gems/arachni-1.5/lib/arachni/rpc/server/framework/multi_instance.rb:222:in `audit_queues'
[2017-03-08 12:18:03 +0000] /home/brian/arachni-1.5-0.5.11/system/gems/gems/arachni-1.5/lib/arachni/framework/parts/audit.rb:202:in `block in audit'
[2017-03-08 12:18:03 +0000] /home/brian/arachni-1.5-0.5.11/system/gems/gems/arachni-1.5/lib/arachni/framework/parts/audit.rb:177:in `loop'
[2017-03-08 12:18:03 +0000] /home/brian/arachni-1.5-0.5.11/system/gems/gems/arachni-1.5/lib/arachni/framework/parts/audit.rb:177:in `audit'
[2017-03-08 12:18:03 +0000] /home/brian/arachni-1.5-0.5.11/system/gems/gems/arachni-1.5/lib/arachni/framework.rb:117:in `block in run'
[2017-03-08 12:18:03 +0000] /home/brian/arachni-1.5-0.5.11/system/gems/gems/arachni-1.5/lib/arachni/utilities.rb:425:in `call'
[2017-03-08 12:18:03 +0000] /home/brian/arachni-1.5-0.5.11/system/gems/gems/arachni-1.5/lib/arachni/utilities.rb:425:in `exception_jail'
[2017-03-08 12:18:03 +0000] /home/brian/arachni-1.5-0.5.11/system/gems/gems/arachni-1.5/lib/arachni/framework.rb:117:in `run'
[2017-03-08 12:18:03 +0000] /home/brian/arachni-1.5-0.5.11/system/gems/gems/arachni-1.5/lib/arachni/rpc/server/framework.rb:156:in `block in run'
```
It's not, but I'll look into it.
PS. You need "```" to format multiline text, not "`".
Thanks for the re-edit. I am testing against a number of 'vulnerable' test sites. If I hit any more I will post them.
Fixed it, need to run some tests and then I'll push nightlies.
Check::Auditor: Removed OPTIONS
dd35be6
[Closes #848]
Nightlies are up -- Linux and OSX only though, my MS Windows builder VM is having issues.