nnp,

On Sun, Mar 22, 2009 at 1:19 AM, nnp <[email protected]> wrote:
> Hey,
>
> I'm currently playing around with the discovery and audit plugin and
> I'm testing on a server where the script /cgibin/finger is installed.
> It takes parameters like /cgibin/finger?root and runs the finger
> command on the given input.

Ok,

> Now I'm assuming the osCommanding audit module (or at least *some*
> module) will attempt this but when I try audit all all I get are a
> load of GET requests for the regular URL. I'm obviously
> misunderstanding something here so could somebody point me in the
> right direction?

The question is... is there any link from the main page to:

http://target.tld/cgibin/finger?root

If there is no link that says to w3af: "the finger resource takes a parameter with the name root", w3af will never, EVER, discover that automagically. On the other hand, if the link actually exists, w3af won't fuzz the name of the parameter, w3af will fuzz the value of it. If the above link is found, and the osCommanding plugin is enabled w3af would try things like:

http://target.tld/cgibin/finger?root=echo abc
http://target.tld/cgibin/finger?root=ping -n 10 localhost

But will never test something like:

http://target.tld/cgibin/finger?root;echo abc=
http://target.tld/cgibin/finger?root;ping -n 10 localhost=

On a related subject, we have been talking about creating a discovery plugin that guesses parameter names, but we haven't really developed it.

Cheers,

> Cheers,
> nnp
>
> --
> http://www.unprotectedhex.com
> http://www.smashthestack.org

--
Andrés Riancho
http://www.bonsai-sec.com/
http://w3af.sourceforge.net/

_______________________________________________
W3af-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/w3af-users
