Hi all I've been playing with w3af for a month now and I am very impressed. Great work guys. In fact, next wednesday I am doing a 15 minutes w3af demo to the first OWASP meeting in Denmark, but I have a bit of a problem.
I created a web application that suffers from a remote file inclusion vulnerability and w3af finds it in seconds so I go to the "Exploit" tab and clicks the "Remote file inclusion vulnerability" in the "Vulnerabilities" list. "remoteFileIncludeShell" and "rfiProxy" is now bold, indicating that I can use them, so I drag them onto the vulnerability. "remoteFileIncludeShell" says: Checking suitability... Sorry, this attack plugin can not exploit this vulnerability ...and "rfiProxy" says: Checking suitability... ok Exploiting... No remote file inclusion vulnerabilities have been found. Why is this ? I have way enough material to do a good demo but I would like to show everything. Sincerely, Robert Larsen ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ W3af-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/w3af-users
