Olle,

On Wed, Mar 11, 2009 at 11:55 AM, olle <o...@nxs.se> wrote:
> Hi all!
>
> I am a security professional working with, among other things, large scale
> vulnerability assessments.
> While evaluating w3af for use in automated scanning of discovered webservers
> I found a couple of bugs.
>
> As Andres got fed up with being my personal support-monkey he suggested I
> join up here and discuss
> any further issues with the community. ;) Thus I have a bug to report in the
> 1.0-rc1 release.
>
> The webSpider module gets confused by Apache error pages and gets stuck in a
> loop as the log shows:
>
> New URL found by webSpider plugin:
> http://10.80.2.1/support/admin/Apache/Apache/1.3.23
> New URL found by webSpider plugin:
> http://10.80.2.1/support/admin/Apache/Apache/Apache/1.3.23
> New URL found by webSpider plugin:
> http://10.80.2.1/support/admin/Apache/Apache/Apache/Apache/1.3.23
> New URL found by webSpider plugin:
> http://10.80.2.1/support/admin/Apache/Apache/Apache/Apache/Apache/1.3.23

I don't really know how, but I was fixing other bugs, and I remembered this one... so I just fixed it. Better later than never, right? ;)

> Where /support/admin looks like:
>
> HTTP/1.1 403 Forbidden
> date: Mon, 09 Mar 2009 15:54:21 GMT
> transfer-encoding: chunked
> content-type: text/html; charset=iso-8859-1
> server: Apache/1.3.23 (Unix) PHP/4.1.2
>
>
> <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
> <HTML><HEAD>
> <TITLE>403 Forbidden</TITLE>
> </HEAD><BODY>
> <H1>Forbidden</H1>
> You don't have permission to access /support/admin/
> on this server.<P>
> <HR>
> <ADDRESS>Apache/1.3.23 Server at xxx.xxx.xxx.xxx Port 80</ADDRESS>
> </BODY></HTML>
>
> I hope I can be of more use to the community in the future when I might
> actually have time to hunt down this type
> of bug and squash it. Also I have some ideas on how to improve certain
> modules (localFileInclude etc.) that I'd
> like to discuss in this forum. I'll also be sharing the results of my
> work-use of w3af with you soon...
>
> 'Til then,
>
> Cheers!
>
> /olle
>
> _______________________________________________
> W3af-develop mailing list
> W3af-develop@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/w3af-develop
>

--
Andrés Riancho
Founder, Bonsai - Information Security
http://www.bonsai-sec.com/
http://w3af.sf.net/
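
The loop in the log above can be reproduced offline. The following is an added example, not w3af's code and not the fix mentioned in the reply: it assumes the spider treats the `Apache/1.3.23` token from the error page's `<ADDRESS>` footer as a relative link and that every URL under the forbidden directory returns the same 403 body. `max_segment_run` and `crawl` are hypothetical helpers showing a frontier guard that drops URLs with long runs of identical path segments.

```python
from urllib.parse import urljoin, urlsplit

# Token taken from the 403 page's <ADDRESS> footer in the thread; assumed
# here to be mistaken for a relative link by the spider.
FOOTER_TOKEN = "Apache/1.3.23"


def max_segment_run(url):
    """Length of the longest run of identical consecutive path segments."""
    segments = [s for s in urlsplit(url).path.split("/") if s]
    longest = run = 0
    previous = None
    for seg in segments:
        run = run + 1 if seg == previous else 1
        longest = max(longest, run)
        previous = seg
    return longest


def crawl(start_url, max_run=2, max_steps=50):
    """Simulate the spider; return (visited URLs, URLs dropped by the guard)."""
    seen, queue, dropped = set(), [start_url], []
    steps = 0
    while queue and steps < max_steps:
        steps += 1
        url = queue.pop(0)
        if url in seen:
            continue
        seen.add(url)
        # Assumption: each visited URL answers with the same 403 body, so the
        # only "link" found is the footer token, resolved against this URL.
        candidate = urljoin(url, FOOTER_TOKEN)
        if max_segment_run(candidate) > max_run:
            dropped.append(candidate)  # guard: refuse the self-extending path
        else:
            queue.append(candidate)
    return sorted(seen, key=len), dropped


if __name__ == "__main__":
    visited, rejected = crawl("http://10.80.2.1/support/admin/")
    print("visited:", *visited, sep="\n  ")
    print("dropped:", *rejected, sep="\n  ")
```

The threshold is a trade-off: legitimate sites can contain short repeated segments, so a very low `max_run` may skip real content, while a high one only bounds the loop later.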