On Fri, Mar 27, 2009 at 12:41 PM, Anirban Banerjee <[email protected]> wrote: > On Fri, 2009-03-27 at 08:33 -0400, Debelle, Stephan wrote: >> For what it is worth I did also notice some false positive using the same >> pluggin, in fact it showed that it found so many backdoors when it was not >> the case. >> > On a lighter note, when I ran this plugin against a test site I nearly > had a heart attack, every possible backdoor was reported as > active..whew! :D
If you upgrade to the latest version, you shouldn't have this problem. >> >> Stephan Debelle >> Digital Marketing Services, Americas >> https://dms.unilever.com >> 201-894-7180 - NJ >> 203-258-9559 - Mobile >> 203-581-6010 - Fax >> >> >> -----Original Message----- >> From: [email protected] >> [mailto:[email protected]] On Behalf Of Andres Riancho >> Sent: Wednesday, March 25, 2009 9:51 PM >> To: [email protected] >> Cc: [email protected] >> Subject: Re: [W3af-users] w3af newbie question >> >> Anirban, >> >> On Wed, Mar 25, 2009 at 5:41 PM, Anirban Banerjee <[email protected]> >> wrote: >> > Dear all, >> > I am a w3af newbie. I have searched for an answer to my >> > question but have not found something spot on and hence this mail. >> > >> > I ran a scan against a site and this is what came up among other things. >> > >> > A web backdoor was found at: >> > http://www.xxxxxxxxxxx.com/php-backdoor.php ; this could indicate that >> > your server was hacked. The vulnerability was found in the request >> > with id 326. >> > >> > URL : http://www.xxxxxxxxxxx.com/php-backdoor.php >> > >> > I have checked the server and have not found any file like this, I >> > have used search engines to see if they picked up anything and they >> > didn't. I have tried the URL and got 404 errors. Should I use netcat >> > to connect or something? I have looked at the output-http.txt file and >> > located Request/Response 326 and see a 404 error there. Any advice >> > would be greatly appreciated :) >> >> Seems to be a false positive, w3af fails to detect 404 error messages >> sometimes. >> >> > Thanks :-) >> > >> > >> > >> > ---------------------------------------------------------------------- >> > -------- _______________________________________________ >> > W3af-users mailing list >> > [email protected] >> > https://lists.sourceforge.net/lists/listinfo/w3af-users >> > >> >> >> >> -- >> Andrés Riancho >> http://www.bonsai-sec.com/ >> http://w3af.sourceforge.net/ >> >> ------------------------------------------------------------------------------ >> _______________________________________________ >> W3af-users mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/w3af-users > > > -- Andrés Riancho http://www.bonsai-sec.com/ http://w3af.sourceforge.net/ ------------------------------------------------------------------------------ _______________________________________________ W3af-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/w3af-users
