
Re: [WEB SECURITY] announcing skipfish, an automated web app, security scanner (NeZa)
From: Nigel Horne <njh () bandsman co uk>
Date: Wed, 24 Mar 2010 12:08:16 +0000

When I ran ./skipfish -o /var/tmp/out -W dictionaries/complete.wl http://192.168.1.1

I got this error:

skipfish version 1.19b by <lcamtuf () google com>
*** glibc detected *** ./skipfish: realloc(): invalid pointer: 
0x0000000002101420 ***
======= Backtrace: =========
/lib/libc.so.6[0x7f75d490ed16]
/lib/libc.so.6[0x7f75d49150c5]
./skipfish[0x40bff2]
./skipfish[0x40e0bb]
./skipfish[0x40e28a]
./skipfish[0x403123]
/lib/libc.so.6(__libc_start_main+0xfd)[0x7f75d48bcabd]
./skipfish[0x402369]
======= Memory map: ========
00400000-00429000 r-xp 00000000 08:12 21200950                           
/home/njh/Download/skipfish/skipfish
00628000-00629000 rw-p 00028000 08:12 21200950                           
/home/njh/Download/skipfish/skipfish
00629000-0062a000 rw-p 00000000 00:00 0
02100000-02121000 rw-p 00000000 00:00 0                                  
[heap]
7f75d4484000-7f75d449a000 r-xp 00000000 08:06 3407913                    
/lib/libgcc_s.so.1
7f75d449a000-7f75d4699000 ---p 00016000 08:06 3407913                    
/lib/libgcc_s.so.1
7f75d4699000-7f75d469a000 rw-p 00015000 08:06 3407913                    
/lib/libgcc_s.so.1
7f75d469a000-7f75d469c000 r-xp 00000000 08:06 3408113                    
/lib/libdl-2.10.2.so
7f75d469c000-7f75d489c000 ---p 00002000 08:06 3408113                    
/lib/libdl-2.10.2.so
7f75d489c000-7f75d489d000 r--p 00002000 08:06 3408113                    
/lib/libdl-2.10.2.so
7f75d489d000-7f75d489e000 rw-p 00003000 08:06 3408113                    
/lib/libdl-2.10.2.so
7f75d489e000-7f75d49e8000 r-xp 00000000 08:06 3408094                    
/lib/libc-2.10.2.so
7f75d49e8000-7f75d4be8000 ---p 0014a000 08:06 3408094                    
/lib/libc-2.10.2.so
7f75d4be8000-7f75d4bec000 r--p 0014a000 08:06 3408094                    
/lib/libc-2.10.2.so
7f75d4bec000-7f75d4bed000 rw-p 0014e000 08:06 3408094                    
/lib/libc-2.10.2.so
7f75d4bed000-7f75d4bf2000 rw-p 00000000 00:00 0
7f75d4bf2000-7f75d4c09000 r-xp 00000000 08:06 4180650                    
/usr/lib/libz.so.1.2.3.4
7f75d4c09000-7f75d4e08000 ---p 00017000 08:06 4180650                    
/usr/lib/libz.so.1.2.3.4
7f75d4e08000-7f75d4e09000 rw-p 00016000 08:06 4180650                    
/usr/lib/libz.so.1.2.3.4
7f75d4e09000-7f75d4e3a000 r-xp 00000000 08:06 4181738                    
/usr/lib/libidn.so.11.6.1
7f75d4e3a000-7f75d503a000 ---p 00031000 08:06 4181738                    
/usr/lib/libidn.so.11.6.1
7f75d503a000-7f75d503b000 rw-p 00031000 08:06 4181738                    
/usr/lib/libidn.so.11.6.1
7f75d503b000-7f75d5089000 r-xp 00000000 08:06 4186090                    
/usr/lib/libssl.so.0.9.8
7f75d5089000-7f75d5289000 ---p 0004e000 08:06 4186090                    
/usr/lib/libssl.so.0.9.8
7f75d5289000-7f75d5290000 rw-p 0004e000 08:06 4186090                    
/usr/lib/libssl.so.0.9.8
7f75d5290000-7f75d5404000 r-xp 00000000 08:06 4184592                    
/usr/lib/libcrypto.so.0.9.8
7f75d5404000-7f75d5604000 ---p 00174000 08:06 4184592                    
/usr/lib/libcrypto.so.0.9.8
7f75d5604000-7f75d562c000 rw-p 00174000 08:06 4184592                    
/usr/lib/libcrypto.so.0.9.8
7f75d562c000-7f75d5630000 rw-p 00000000 00:00 0
7f75d5630000-7f75d564d000 r-xp 00000000 08:06 3407962                    
/lib/ld-2.10.2.so
7f75d5829000-7f75d582d000 rw-p 00000000 00:00 0
7f75d5847000-7f75d584c000 rw-p 00000000 00:00 0
7f75d584c000-7f75d584d000 r--p 0001c000 08:06 3407962                    
/lib/ld-2.10.2.so
7f75d584d000-7f75d584e000 rw-p 0001d000 08:06 3407962                    
/lib/ld-2.10.2.so
7fffb41b7000-7fffb41cd000 rw-p 00000000 00:00 0                          
[stack]
7fffb41ff000-7fffb4200000 r-xp 00000000 00:00 0                          
[vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                  
[vsyscall]
Aborted (core dumped)
njh () packard:~/Download/skipfish$

The gdb backtrace is:

#0  0x00007f75d48cff45 in *__GI_raise (sig=<value optimized out>)
    at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1  0x00007f75d48d2d80 in *__GI_abort () at abort.c:88
#2  0x00007f75d490554d in __libc_message (do_abort=2,
    fmt=0x7fffb41c9c90 ' ' <repeats 23 times>, 
"[stack]\n7fffb41ff000-7fffb4200000 r-xp 00000000 00:00 0", ' ' <repeats 
26 times>, "[vdso]\nffffffffff600000-ffffffffff601000 r-xp 00000000 
00:00 0", ' ' <repeats 18 times>, "[vsyscall]\n:06 4"...) at 
../sysdeps/unix/sysv/linux/libc_fatal.c:173
#3  0x00007f75d490ed16 in malloc_printerr (action=3,
    str=0x7f75d49b6baf "realloc(): invalid pointer", ptr=<value 
optimized out>)
    at malloc.c:6239
#4  0x00007f75d49150c5 in realloc_check (oldmem=0x2101420, bytes=16,
    caller=<value optimized out>) at hooks.c:330
#5  0x000000000040bff2 in __DFL_ck_realloc (orig=0x2101420, size=5665)
    at alloc-inl.h:91
#6  0x000000000040e0bb in wordlist_confirm_single (text=<value optimized 
out>,
    is_ext=<value optimized out>, add_hits=<value optimized out>, 
total_age=2,
    last_age=2) at database.c:841
#7  0x000000000040e28a in load_keywords (fname=<value optimized out>,
    purge_age=0) at database.c:976
#8  0x0000000000403123 in main (argc=6, argv=0x7fffb41ca758) at 
skipfish.c:398

-Nigel

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

