2009/6/8 Andres Riancho <andres.rian...@gmail.com>:
> Ryan,
>
> On Mon, Jun 8, 2009 at 4:50 PM, Ryan Dewhurst<ryandewhu...@gmail.com> wrote:
>> I have implemented the re and data checker, to compare them both and
>> output as appropriate.
>
> That part seems to be ok,
>
>> Seems to be working however in KB the request/response windows are incorrect.
>
> Could you elaborate more on this?
>

If you look at the kb info the request/response windows after the plugin
has run, it shows inaccurate HTTP request/responses. i.e. the version was
found from the regular expression in the index.php header, the
request/response window will show the http request/response for one of
the files in the database rather than the correct index.php.

I'm finding the above hard to explain, I'll take a screenshot to
elaborate more.

> Related:
> - You didn't use the version in the SVN to create the new
> version, there are some inconsistencies. Please use the SVN version to
> build from it.

I did use the SVN version.

> - It doesn't make sense to check for index.php instead of
> wp-login.php , the index.php would be a match for almost every web
> application running PHP. The idea is to check for wp-login.php to be
> able to be more performant and not request all files in the
> fingerprint database for every directory in the web application.
>
> Cheers,
>

It does check for wp-login.php rather than index.php.

# Main scan URL passed from w3af + unique wp file
wp_unique_url = urlParser.getDomainPath( fuzzableRequest.getURL() ) + '/wp-login.php'
response = self._urlOpener.GET( wp_unique_url, useCache=True )

# If wp_unique_url is not 404, wordpress = true
if not is_404( response ):

Am I missing the point?

Ryan

>> Ryan
>>
>
>
>
> --
> Andrés Riancho
> Founder, Bonsai - Information Security
> http://www.bonsai-sec.com/
> http://w3af.sf.net/
>

_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop
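
The two points discussed in this thread, as an added example that is not part of the original messages and is not w3af code: a single wp-login.php request gates the fingerprint database, and every finding keeps the id of the response that actually produced it. Fetcher, fingerprint_wordpress, the sample site, the generator regex and the SHA-256 data check are all assumptions made for illustration.

```python
import hashlib
import re

# Constructed sample site: path -> (status, body). Stands in for HTTP responses.
SAMPLE_SITE = {
    "/blog/wp-login.php": (200, "<form id='loginform'>"),
    "/blog/index.php": (200, '<meta name="generator" content="WordPress 2.7.1" />'),
    "/blog/wp-includes/js/example.js": (200, "/* constructed file body */"),
}
# Constructed fingerprint database: relative path -> {sha256 of body: version}.
FINGERPRINT_DB = {
    "wp-includes/js/example.js": {
        hashlib.sha256(b"/* constructed file body */").hexdigest(): "2.7.1"},
}
GENERATOR_RE = re.compile(r'content="WordPress ([\d.]+)"')  # assumed header pattern

class Fetcher:
    """Offline stand-in for an HTTP client; logs every request and numbers it."""
    def __init__(self, site):
        self.site, self.log = site, []
    def get(self, url):
        status, body = self.site.get(url, (404, ""))
        self.log.append(url)
        return {"id": len(self.log), "url": url, "status": status, "body": body}

def fingerprint_wordpress(fetcher, directory):
    """Return (method, version, response_id, url) tuples for one directory."""
    base = directory.rstrip("/")
    # Gate: one request for a WordPress-specific file before touching the DB.
    if fetcher.get(base + "/wp-login.php")["status"] == 404:
        return []
    findings = []
    index = fetcher.get(base + "/index.php")
    match = GENERATOR_RE.search(index["body"])
    if match:  # evidence is the index.php response, not whichever came last
        findings.append(("regex", match.group(1), index["id"], index["url"]))
    for rel_path, known in FINGERPRINT_DB.items():
        resp = fetcher.get(base + "/" + rel_path)
        digest = hashlib.sha256(resp["body"].encode()).hexdigest()
        if resp["status"] == 200 and digest in known:
            findings.append(("data", known[digest], resp["id"], resp["url"]))
    return findings
```
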