aungkhant,
Please read inline,
On Wed, Feb 18, 2009 at 11:45 AM, aungkhant <[email protected]> wrote:
> Hi w3af team
>
> phpinfo.py
> Added security checks
> w3af_phpinfo.png - screenshot of phpinfo
I loooove screenshots, and this one is a really nice one =)
Here are my comments for phpinfo.py:
- You added " CHANGELOG:..." to the class documentation, and
that's ok, but the problem is that the class documentation is used in
the console user interface to show a small description of the plugin.
Please try: ./w3af_console and then plugins ; discovery ; and watch
the "ugly" description of the phpinfo plugin. I modified this in the
version I committed by doing a second class comment.
- Here:
    if(obd == '<i>no value</i>'):
        i = info.info()
The "i = info.info()" was removed because it duplicated a line
that was before; and this made the information object appear in the kb
without an associated HTTP request/response.
- I changed some minimal things to keep the same format that's
being used in the rest of the framework like ":on" to ": On" and those
small changes.
After a complete review I must say that your code is simply beautiful.
I only have one question: "does this work for php4 and php5?"
> fingerprint_WAF.py
> Added new signatures
My comments for fingerprint_WAF.py:
- Same little problem with the class documentation.
Once again, beautiful code!
> htmlComments.py (I changed from findComments.py for the sake of clarity)
> I added some words to self._interestingWords
My comments for htmlComments.py:
- I like the name change
- The words you added make no sense, because they are all included in
the "user" and "pass" words at the beginning of the list. I mean... if
the comment contains "userid" it will also contain "user" so that
modification isn't right.
> Thank you guys for review.
Thank you for your contributions!
You've won your SVN commit privileges =) Please try them and let me
know if they work ok. Use this privilege wisely, always use long and
descriptive commit messages, and don't EVER break the trunk!
Cheers,
>
>
>
> ------------------------------------------------------------------------------
> Open Source Business Conference (OSBC), March 24-25, 2009, San Francisco, CA
> -OSBC tackles the biggest issue in open source: Open Sourcing the Enterprise
> -Strategies to boost innovation and cut costs with open source participation
> -Receive a $600 discount off the registration fee with the source code: SFAD
> http://p.sf.net/sfu/XcvMzF8H
> _______________________________________________
> W3af-develop mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/w3af-develop
>
>
--
Andres Riancho
http://w3af.sourceforge.net/
Web Application Attack and Audit Framework
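Added example, not part of the original e-mail and not w3af's code: a check for the htmlComments.py point above, that under substring matching a keyword such as "userid" can never match a comment that "user" does not already match. It assumes case-insensitive substring matching; the function names and the sample word list are constructed for illustration.

```python
def prune_redundant(words):
    """Split a keyword list into (kept, redundant).

    redundant maps each keyword to the shorter kept keyword it contains;
    with substring matching such a keyword adds no new matches.
    """
    # Shortest first, so a covering keyword is always seen before the
    # longer keywords that contain it. Ties are broken alphabetically.
    ordered = sorted({w.lower() for w in words}, key=lambda w: (len(w), w))
    kept, redundant = [], {}
    for word in ordered:
        cover = next((k for k in kept if k in word), None)
        if cover is None:
            kept.append(word)
        else:
            redundant[word] = cover
    return kept, redundant


def is_interesting(comment, words):
    """True if any keyword occurs in the comment (case-insensitive substring)."""
    lowered = comment.lower()
    return any(w.lower() in lowered for w in words)


# Constructed sample data: a keyword list with the kind of additions
# discussed in the review, and a few HTML comments.
SAMPLE_WORDS = ["user", "pass", "userid", "password", "passwd", "admin", "todo"]
SAMPLE_COMMENTS = [
    "<!-- default userid is set in config.inc -->",
    "<!-- TODO: remove test PASSWORD before release -->",
    "<!-- layout table starts here -->",
]

if __name__ == "__main__":
    kept, redundant = prune_redundant(SAMPLE_WORDS)
    print("kept:", kept)
    for word, cover in sorted(redundant.items()):
        print("%r is already covered by %r" % (word, cover))
    for comment in SAMPLE_COMMENTS:
        # The pruned list flags exactly the same comments as the full list.
        print(is_interesting(comment, kept), comment)
```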