pham, On Wed, Jul 22, 2009 at 1:50 PM, pham toan<pham0van0t...@gmail.com> wrote: > > > >>Then the problem should be in another place, I think that the plugin >>that could be generating the problem is fingerPKS. Could you take a >>look at it? Thanks! > > Yes, In fingerKPS.py i found : > <code> > results = pks_se.search( domain_root ) > for result in results: > i = info.info() > i.setURL( 'http://pgp.mit.edu:11371/' ) > mail = result.username +'@' + domain_root > i.setName( mail ) > -------<snip>----------- > </code> > > and in pks.py : > <code> > > content = re.sub('(<.*?>|<|>)', '', content) > > results = [] > accounts = [] > > for line in content.split('\n')[6:]: > if not line.strip(): > continue > > tokens = line.split() > > email = None > name = None > > if re.search('\d{4}/\d{2}/\d{2}', line): > email = tokens[-1] > name = ' '.join(tokens[3:-1]) > else: > email = tokens[-1] > name = ' '.join(tokens[:-1]) > > account = email.split('@')[0] > if not account.count('*'): # This kills revokated lines > if name != None and email != None and account not in > accounts: > pksr = pksResult( name, account ) > results.append( pksr ) > accounts.append( account ) > > return results > </code> > > So ,problem here is pks does not check for any "/" or "=" character in > email. > I think to solve problem, simple check result.name in : > > <code>results = pks_se.search( domain_root )<code> > any name with special character will be reject here.
maybe the simplest solution, is to parse the result from the PKS using the htmlParser? > > ------------------------------------------------------------------------------ > > _______________________________________________ > W3af-develop mailing list > W3af-develop@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/w3af-develop > > -- Andrés Riancho Founder, Bonsai - Information Security http://www.bonsai-sec.com/ http://w3af.sf.net/ ------------------------------------------------------------------------------ _______________________________________________ W3af-develop mailing list W3af-develop@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/w3af-develop
