On Fri, 2009-03-27 at 08:33 -0400, Debelle, Stephan wrote: > For what it is worth I did also notice some false positive using the same > pluggin, in fact it showed that it found so many backdoors when it was not > the case. > On a lighter note, when I ran this plugin against a test site I nearly had a heart attack, every possible backdoor was reported as active..whew! :D > > Stephan Debelle > Digital Marketing Services, Americas > https://dms.unilever.com > 201-894-7180 - NJ > 203-258-9559 - Mobile > 203-581-6010 - Fax > > > -----Original Message----- > From: [email protected] > [mailto:[email protected]] On Behalf Of Andres Riancho > Sent: Wednesday, March 25, 2009 9:51 PM > To: [email protected] > Cc: [email protected] > Subject: Re: [W3af-users] w3af newbie question > > Anirban, > > On Wed, Mar 25, 2009 at 5:41 PM, Anirban Banerjee <[email protected]> > wrote: > > Dear all, > > I am a w3af newbie. I have searched for an answer to my > > question but have not found something spot on and hence this mail. > > > > I ran a scan against a site and this is what came up among other things. > > > > A web backdoor was found at: > > http://www.xxxxxxxxxxx.com/php-backdoor.php ; this could indicate that > > your server was hacked. The vulnerability was found in the request > > with id 326. > > > > URL : http://www.xxxxxxxxxxx.com/php-backdoor.php > > > > I have checked the server and have not found any file like this, I > > have used search engines to see if they picked up anything and they > > didn't. I have tried the URL and got 404 errors. Should I use netcat > > to connect or something? I have looked at the output-http.txt file and > > located Request/Response 326 and see a 404 error there. Any advice > > would be greatly appreciated :) > > Seems to be a false positive, w3af fails to detect 404 error messages > sometimes. > > > Thanks :-) > > > > > > > > ---------------------------------------------------------------------- > > -------- _______________________________________________ > > W3af-users mailing list > > [email protected] > > https://lists.sourceforge.net/lists/listinfo/w3af-users > > > > > > -- > Andrés Riancho > http://www.bonsai-sec.com/ > http://w3af.sourceforge.net/ > > ------------------------------------------------------------------------------ > _______________________________________________ > W3af-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/w3af-users
------------------------------------------------------------------------------ _______________________________________________ W3af-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/w3af-users
