Seba,

I'm going through all open w3af bugs, and there are a couple you reported. Regarding "More out of scope url testing" [0], I would like to ask you if the page you were testing had a link to PayPal. Because the plugin that reports vulnerabilities like the one you're seeing is not actually requesting that URL, it is seeing if the HTML that you're analyzing has a "strange link".

The plugin that is reporting this issue is the "grep.strangeParameters", and I'm suspecting that this is not a bug, it is more likely an error in the way the information is reported to the user, that is making you think that it's a bug.

Please let me know what you think,

[0] https://sourceforge.net/tracker/?func=detail&aid=2870955&group_id=170274&atid=853652

Cheers,
--
Andrés Riancho
Founder, Bonsai - Information Security
http://www.bonsai-sec.com/
http://w3af.sf.net/

_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop