Hi all! I am a security professional working with, among other things, large scale vulnerability assessments. While evaluating w3af for use in automated scanning of discovered webservers I found a couple of bugs.
As Andres got fed up with being my personal support-monkey he suggested I join up here and discuss any further issues with the community. ;)

Thus I have a bug to report in the 1.0-rc1 release. The webSpider module gets confused by Apache error pages and gets stuck in a loop as the log shows:

New URL found by webSpider plugin: http://10.80.2.1/support/admin/Apache/Apache/1.3.23
New URL found by webSpider plugin: http://10.80.2.1/support/admin/Apache/Apache/Apache/1.3.23
New URL found by webSpider plugin: http://10.80.2.1/support/admin/Apache/Apache/Apache/Apache/1.3.23
New URL found by webSpider plugin: http://10.80.2.1/support/admin/Apache/Apache/Apache/Apache/Apache/1.3.23

Where /support/admin looks like:

HTTP/1.1 403 Forbidden
date: Mon, 09 Mar 2009 15:54:21 GMT
transfer-encoding: chunked
content-type: text/html; charset=iso-8859-1
server: Apache/1.3.23 (Unix) PHP/4.1.2

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>403 Forbidden</TITLE>
</HEAD><BODY>
<H1>Forbidden</H1>
You don't have permission to access /support/admin/ on this server.<P>
<HR>
<ADDRESS>Apache/1.3.23 Server at xxx.xxx.xxx.xxx Port 80</ADDRESS>
</BODY></HTML>

I hope I can be of more use to the community in the future when I might actually have time to hunt down this type of bug and squash it. Also I have some ideas on how to improve certain modules (localFileInclude etc.) that I'd like to discuss in this forum.

I'll also be sharing the results of my work-use of w3af with you soon...

'Til then,
Cheers!
/olle
_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop
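
An added example, not part of the original post and not w3af's own code: it reproduces the URL growth seen in the log and shows one crawler-side guard against it. It assumes the spider treats the "Apache/1.3.23" token in the error page's ADDRESS line as a relative link; RELATIVE_RE, fake_server, naive_links, crawl and no_repeated_segment are hypothetical names.

```python
import re
from urllib.parse import urljoin, urlsplit

START = "http://10.80.2.1/support/admin/"
# Constructed from the 403 body quoted in the post.
ERROR_BODY = ("<H1>Forbidden</H1> You don't have permission to access "
              "/support/admin/ on this server.<P> <HR> "
              "<ADDRESS>Apache/1.3.23 Server at xxx.xxx.xxx.xxx Port 80</ADDRESS>")
# Assumption: a loose "word/word" pattern of the kind a spider could use to
# find relative links in page text. This is not w3af's actual regex.
RELATIVE_RE = re.compile(r"(?<![\w/])[A-Za-z][\w.-]*/[\w.-]+")

def fake_server(url):
    """Constructed stand-in: every path under the directory gets the same 403 page."""
    return ERROR_BODY

def naive_links(base_url, body):
    """Resolve each path-looking token against the URL it was found on."""
    return [urljoin(base_url, tok) for tok in RELATIVE_RE.findall(body)]

def no_repeated_segment(url, max_depth=10):
    """Guard: reject URLs with a back-to-back repeated path segment or
    excessive depth. Legitimate /a/a/ paths are lost, a deliberate trade-off."""
    segs = [s for s in urlsplit(url).path.split("/") if s]
    repeated = any(a == b for a, b in zip(segs, segs[1:]))
    return not repeated and len(segs) <= max_depth

def crawl(start, fetch, guard=None, max_requests=25):
    """Breadth-first crawl; returns URLs in the order they were requested."""
    seen, queue, order = {start}, [start], []
    while queue and len(order) < max_requests:
        url = queue.pop(0)
        order.append(url)
        for link in naive_links(url, fetch(url)):
            # Each new URL is unique, so a plain "seen" set never stops the loop.
            if link not in seen and (guard is None or guard(link)):
                seen.add(link)
                queue.append(link)
    return order

if __name__ == "__main__":
    for u in crawl(START, fake_server, max_requests=5):
        print("unguarded:", u)
    for u in crawl(START, fake_server, guard=no_repeated_segment):
        print("guarded:  ", u)
```

Without the guard the crawl only ends at the request cap; with it, the queue drains after two requests.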