>Then the problem should be in another place, I think that the plugin
>that could be generating the problem is fingerPKS. Could you take a
>look at it? Thanks!
Yes, In fingerKPS.py i found :
<code>
results = pks_se.search( domain_root )
for result in results:
i = info.info()
i.setURL( 'http://pgp.mit.edu:11371/' )
mail = result.username +'@' + domain_root
i.setName( mail )
-------<snip>-----------
</code>
and in pks.py :
<code>
content = re.sub('(<.*?>|<|>)', '', content)
results = []
accounts = []
for line in content.split('\n')[6:]:
if not line.strip():
continue
tokens = line.split()
email = None
name = None
if re.search('\d{4}/\d{2}/\d{2}', line):
email = tokens[-1]
name = ' '.join(tokens[3:-1])
else:
email = tokens[-1]
name = ' '.join(tokens[:-1])
account = email.split('@')[0]
if not account.count('*'): # This kills revokated lines
if name != None and email != None and account not in
accounts:
pksr = pksResult( name, account )
results.append( pksr )
accounts.append( account )
return results
</code>
So ,problem here is pks does not check for any "/" or "=" character in
email.
I think to solve problem, simple check result.name in :
<code>results = pks_se.search( domain_root )<code>
any name with special character will be reject here.
------------------------------------------------------------------------------
_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop
