Hi, I gave a talk at OWASP Montreal this week and presented my redos plugin as an example. Someone tested it and is getting a lot of false positives because of the case where there was initially a delay but the confirmation test time is faster than the first. I took inspiration from the command injection plugin when I wrote it, but I realize it might not be the best idea since it generates a lot of false positives and I have yet to see a situation where it flagged a vulnerability correctly.
So basically I propose to remove the else block starting at line 146 in audit/redos.py:

        else:
            # The first delay existed... I must report something...
            i = info.info()
            i.setName('Possible ReDoS vulnerability')
            i.setId( response.id )
            i.setDc( mutant.getDc() )
            i.setMethod( mutant.getMethod() )
            msg = 'A possible ReDoS was found at: ' + mutant.foundAt()
            msg += ' . Please review manually.'
            i.setDesc( msg )
            kb.kb.append( self, 'redos', i )

Regards,
Sébastien

_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop
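The false-positive case in the message (an initial delay that the confirmation probe does not reproduce) is what a time-based ReDoS check has to reject rather than report. The following is an added example, not code from w3af or from the plugin above: it measures a baseline over several benign requests, sends the evil payload, and only reports when the delay is reproduced by a second evil probe. The `send` callable, the `scripted_sender` timings and the `min_delay` threshold are assumptions for illustration; a scanner would wrap its HTTP client in `send`. `regex_sender` is a local stand-in that times a known catastrophic pattern so the check can be run offline.

```python
import re
import time
from dataclasses import dataclass
from typing import Callable, Dict, Iterable, Optional

# A sender delivers one request carrying `payload` and returns the elapsed
# time in seconds. In a scanner this wraps the HTTP client; here we use
# scripted and regex-backed stand-ins (assumed interface, not w3af's).
Sender = Callable[[str], float]


@dataclass
class RedosVerdict:
    baseline: float          # median response time for the benign payload
    first: float             # response time of the first evil probe
    confirm: Optional[float]  # second evil probe, None if never sent
    vulnerable: bool
    reason: str


def median(values: Iterable[float]) -> float:
    s = sorted(values)
    mid = len(s) // 2
    return s[mid] if len(s) % 2 else (s[mid - 1] + s[mid]) / 2


def check_redos(send: Sender, benign: str, evil: str,
                min_delay: float = 1.0, baseline_samples: int = 3) -> RedosVerdict:
    """Report ReDoS only when the evil payload's delay is reproducible.

    min_delay is the extra time (over baseline) an evil probe must take to
    count as a delay; it is an assumed threshold, tune it to the target.
    """
    baseline = median(send(benign) for _ in range(baseline_samples))

    first = send(evil)
    if first - baseline < min_delay:
        return RedosVerdict(baseline, first, None, False,
                            "no delay on first evil probe")

    # The first probe was slow: re-send the same payload to rule out noise.
    confirm = send(evil)
    if confirm - baseline < min_delay:
        # This is the case from the message: the initial delay existed but the
        # confirmation was fast. Treat it as noise, not as a "possible" finding.
        return RedosVerdict(baseline, first, confirm, False,
                            "first delay not reproduced by confirmation probe")

    return RedosVerdict(baseline, first, confirm, True,
                        "delay reproduced on both evil probes")


def scripted_sender(timings: Dict[str, Iterable[float]]) -> Sender:
    """Constructed sender: replays a fixed sequence of timings per payload."""
    iters = {payload: iter(seq) for payload, seq in timings.items()}

    def send(payload: str) -> float:
        return next(iters[payload])
    return send


def regex_sender(pattern: str) -> Sender:
    """Local stand-in for a target whose handler runs `pattern` on the input."""
    compiled = re.compile(pattern)

    def send(payload: str) -> float:
        start = time.perf_counter()
        compiled.match(payload)
        return time.perf_counter() - start
    return send


if __name__ == "__main__":
    # Flaky target: one slow response, then fast again -> not reported.
    flaky = scripted_sender({"ok": [0.10, 0.12, 0.11], "evil": [4.0, 0.15]})
    print(check_redos(flaky, "ok", "evil"))

    # Real catastrophic backtracking: ^(a+)+$ against 'aaaa...!' is exponential
    # in the number of a's. With 22 a's this takes a few seconds per probe.
    real = regex_sender(r"^(a+)+$")
    print(check_redos(real, "a" * 8 + "!", "a" * 22 + "!", min_delay=0.5))
```

The point of the second evil probe is not to confirm that the endpoint is slow, but to confirm that the slowness is caused by the payload; a single slow response can come from the target, the network, or the scanner's own concurrency, which is why the unreproduced case should be dropped rather than reported as "possible".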