Re: Webinspect stops while auditing (693 Views)
Occasional Collector
Khaledshokry
Posts: 2
Registered: ‎07-03-2011
Message 1 of 4 (722 Views)

Webinspect stops while auditing

Dears,

I am facing a showstopper while performing a penetration test on an application.

After crawling and auditing for more than 1 day of scan duration, the tool stopped auditing and raised the error below:

"SPI.Scanners.Web.Audit.Auditor SPI.Scanners.Web.Framework.FrameworkInvalidOperationException: in validateSessionStatusChange, invalid status change from DisabledByUser to Excluded"

This error was raised after the row below was recorded in the scan log:

"New Blind SQL check (checkid 10962) is not enabled, A Policy with both check 10962 and check 11199 enabled is recommended"

So please advise if you have encountered this issue before.

Thanks in advance,
Khaled Shokry
Khaled.shokry@hp.com

Frequent Advisor
Jeremy_Brooks
Posts: 61
Registered: ‎01-04-2011
Message 2 of 4 (711 Views)

Re: Webinspect stops while auditing


Hi Khaled,

Just some questions: what version of WI are you using? What policy? Do you have any manual session exclusions defined? I'm talking to devs to find out under what conditions this situation could arise.

Quick edit: Did the scan log include a stack trace? If so, please post it. Also, was this a rescan of a scan that had sessions that were manually deleted? Can you provide any additional info on your workflow?

The blind SQL entry is just a warning/notice. There were several changes/improvements in the blind SQL engine in 9.0. The warning is just there to let you know that you can get better performance and results by enabling both 10962 and 11199. My guess is that you are using a custom policy from a time when the new check (11199) did not exist. Let me know if that is not true. Anyway, it should not have anything to do with the scan stopping.

Jeremy

HP ASC

Occasional Collector
Khaledshokry
Posts: 2
Registered: ‎07-03-2011
Message 3 of 4 (702 Views)

Re: Webinspect stops while auditing

Hi Jeremy,

Thanks a lot for your detailed reply.

Kindly, I want to share with you full info regarding my scan configuration.

First of all, I selected to run this scan using the OWASP Top 10 (2010) policy, which I think should include the blind SQL engine; that's why I am really surprised by that error.

And for your info, I am using WI version (9.0.351.1), but it doesn't seem that the scan log includes a stack trace.

And about the deletion of some sessions, yes, you are exactly right.

I had removed some sessions, as I don't want to cover them while making the scan.

I hope this info can help us work out how we can solve this error, as it prevents the scan from continuing to audit the application.

Best regards and have a nice day,

Khaled.

Frequent Advisor
Jeremy_Brooks
Posts: 61
Registered: ‎01-04-2011
Message 4 of 4 (693 Views)

Re: Webinspect stops while auditing

Hi Khaled,

That helps, but still not enough information to reproduce. What were the exact steps that you performed? Did you do a Manual Scan, Standard Scan? Crawl Only, Crawl and Audit? I'm guessing that you did a Crawl Only or a Workflow scan (please confirm), deleted some sessions and then started an audit. I've tried this and am not able to reproduce the issue, so please outline the exact steps that you performed. Thanks.

Jeremy
