For what it is worth, I did also notice some false positives using the same 
plugin; in fact, it showed that it found so many backdoors when it was not the 
case. 


Stephan Debelle
Digital Marketing Services, Americas
https://dms.unilever.com
201-894-7180 - NJ 
203-258-9559 - Mobile
203-581-6010 - Fax


-----Original Message-----
From: [email protected] 
[mailto:[email protected]] On Behalf Of Andres Riancho
Sent: Wednesday, March 25, 2009 9:51 PM
To: [email protected]
Cc: [email protected]
Subject: Re: [W3af-users] w3af newbie question

Anirban,

On Wed, Mar 25, 2009 at 5:41 PM, Anirban Banerjee <[email protected]> wrote:
> Dear all,
>         I am a w3af newbie. I have searched for an answer to my 
> question but have not found something spot on and hence this mail.
>
> I ran a scan against a site and this is what came up among other things.
>
> A web backdoor was found at:
> http://www.xxxxxxxxxxx.com/php-backdoor.php ; this could indicate that 
> your server was hacked. The vulnerability was found in the request 
> with id 326.
>
> URL : http://www.xxxxxxxxxxx.com/php-backdoor.php
>
> I have checked the server and have not found any file like this, I 
> have used search engines to see if they picked up anything and they 
> didn't. I have tried the URL and got 404 errors. Should I use netcat 
> to connect or something? I have looked at the output-http.txt file and 
> located Request/Response 326 and see a 404 error there. Any advice 
> would be greatly appreciated :)

Seems to be a false positive; w3af fails to detect 404 error messages sometimes.

> Thanks :-)
>
>
>
> ----------------------------------------------------------------------
> -------- _______________________________________________
> W3af-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/w3af-users
>



--
Andrés Riancho
http://www.bonsai-sec.com/
http://w3af.sourceforge.net/
