From 472da425a501fd86f39d2cf0f63239814440e024 Mon Sep 17 00:00:00 2001
From: K D
Date: Thu, 13 Jan 2022 14:43:28 +0100
Subject: [PATCH] bugfix for audit.file_upload: when an extension that did not have a matching template was given, w3af would use the initial payload for confirming the vuln, which was never used
---
 w3af/plugins/audit/file_upload.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/w3af/plugins/audit/file_upload.py b/w3af/plugins/audit/file_upload.py
index 199052dbd8..411a2f9294 100644
--- a/w3af/plugins/audit/file_upload.py
+++ b/w3af/plugins/audit/file_upload.py
@@ -101,7 +101,7 @@ def audit(self, freq, orig_response, debugging_id):
 for file_parameter in freq.get_file_vars():
 for extension in self._extensions:
- _, file_content, file_name = get_template_with_payload(extension, payload)
+ success, file_content, file_name = get_template_with_payload(extension, payload)
 # Only file handlers are passed to the create_mutants functions
 named_stringio = NamedStringIO(file_content, file_name)
@@ -113,7 +113,7 @@ def audit(self, freq, orig_response, debugging_id):
 mutant.uploaded_file_name = file_name
 mutant.extension = extension
 mutant.file_content = file_content
- mutant.file_payload = payload
+ mutant.file_payload = payload if success else file_content # If the specified extension does not have a template, use the generated file contents as a payload instead
 mutant.debugging_id = debugging_id
 self._send_mutants_in_threads(self._uri_opener.send_mutant,
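Review bot: In the second hunk, the fallback `payload if success else file_content` makes the whole uploaded body the confirmation marker, so the check is only as reliable as that body is distinctive. What `get_template_with_payload` returns for an extension without a template is not visible here; if it can be empty, short or common text, the confirmation step could match unrelated responses and report an upload that never happened. It would help to state that contract at the call site and to move the long trailing comment onto its own line above the assignment, for example `# No template for this extension: the payload was never embedded, so confirm with the generated file content instead.` Naming the flag `has_template` rather than `success` in the first hunk would make the condition read on its own. `audit` begins and ends outside both hunks.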