Robert, 2008/12/1 Viktor Gazdag <[EMAIL PROTECTED]>: > 2008/11/30 Robert Larsen <[EMAIL PROTECTED]> >> >> Hi all >> >> I've been playing with w3af for a month now and I am very impressed. >> Great work guys. >> In fact, next wednesday I am doing a 15 minutes w3af demo to the first >> OWASP meeting in Denmark, but I have a bit of a problem. >> >> I created a web application that suffers from a remote file inclusion >> vulnerability and w3af finds it in seconds so I go to the "Exploit" tab >> and clicks the "Remote file inclusion vulnerability" in the >> "Vulnerabilities" list. "remoteFileIncludeShell" and "rfiProxy" is now >> bold, indicating that I can use them, so I drag them onto the >> vulnerability. >> >> "remoteFileIncludeShell" says: >> Checking suitability... >> Sorry, this attack plugin can not exploit this vulnerability >> >> >> ...and "rfiProxy" says: >> Checking suitability... >> ok >> Exploiting... >> No remote file inclusion vulnerabilities have been found. >> >> Why is this ? I have way enough material to do a good demo but I would >> like to show everything. > > Did you configure it?
Right button over the plugin in the GUI, "exploit config remoteFileInclusionShell" in the console. >> >> Sincerely, >> Robert Larsen >> >> ------------------------------------------------------------------------- >> This SF.Net email is sponsored by the Moblin Your Move Developer's >> challenge >> Build the coolest Linux based applications with Moblin SDK & win great >> prizes >> Grand prize is a trip for two to an Open Source event anywhere in the >> world >> http://moblin-contest.org/redirect.php?banner_id=100&url=/ >> _______________________________________________ >> W3af-users mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/w3af-users > > > ------------------------------------------------------------------------- > This SF.Net email is sponsored by the Moblin Your Move Developer's challenge > Build the coolest Linux based applications with Moblin SDK & win great > prizes > Grand prize is a trip for two to an Open Source event anywhere in the world > http://moblin-contest.org/redirect.php?banner_id=100&url=/ > _______________________________________________ > W3af-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/w3af-users > > -- Andres Riancho http://w3af.sourceforge.net/ Web Application Attack and Audit Framework ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ W3af-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/w3af-users
