Andres Riancho wrote:
> Robert,
>
> 2008/12/1 Viktor Gazdag <[EMAIL PROTECTED]>:
>
>> 2008/11/30 Robert Larsen <[EMAIL PROTECTED]>
>>
>>> Hi all
>>>
>>> I've been playing with w3af for a month now and I am very impressed.
>>> Great work guys.
>>> In fact, next Wednesday I am doing a 15-minute w3af demo to the first
>>> OWASP meeting in Denmark, but I have a bit of a problem.
>>>
>>> I created a web application that suffers from a remote file inclusion
>>> vulnerability and w3af finds it in seconds, so I go to the "Exploit" tab
>>> and click the "Remote file inclusion vulnerability" in the
>>> "Vulnerabilities" list. "remoteFileIncludeShell" and "rfiProxy" are now
>>> bold, indicating that I can use them, so I drag them onto the
>>> vulnerability.
>>>
>>> "remoteFileIncludeShell" says:
>>> Checking suitability...
>>> Sorry, this attack plugin can not exploit this vulnerability
>>>
>>>
>>> ...and "rfiProxy" says:
>>> Checking suitability...
>>> ok
>>> Exploiting...
>>> No remote file inclusion vulnerabilities have been found.
>>>
>>> Why is this? I have way enough material to do a good demo but I would
>>> like to show everything.
>>>
>> Did you configure it?
>>
>
> Right button over the plugin in the GUI, "exploit config
> remoteFileInclusionShell" in the console.
>
>
I tried this, but the "remoteFileIncludeShell" still says that it ain't
able to exploit the vuln. I only change the "Bind address" option. Does
it depend on Python or something else being installed on the server?
The rfiProxy crashes when I try to configure:

Traceback (most recent call last):
  File "/home/robert/code/w3af/core/ui/gtkUi/exploittab.py", line 306, in _configureExploit
    confpanel.ConfigDialog(title, self.w3af, plugin, showDesc=True)
  File "/home/robert/code/w3af/core/ui/gtkUi/confpanel.py", line 280, in __init__
    longLabel.set_text( plugin.getLongDesc() )
  File "/home/robert/code/w3af/core/controllers/basePlugin/basePlugin.py", line 102, in getLongDesc
    raise w3afException('Plugin is not implementing required method getLongDesc' )
w3afException: Plugin is not implementing required method getLongDesc

I get the same problems with both the 0.7 version and the latest from
Subversion. But with the latest version the plugins take way longer to
finish (maybe they are more thorough) and changing profiles gives me
another error: "The optionList object doesn't contain an option with the
name: rfiUrl"
Also this seems to cause no plugins to be selected for the profile.
Any ideas?