Andrés, Marthe,
On Mon, Jul 20, 2009 at 10:20 AM, Marthe Engebretsen<[email protected]> wrote: > Dear list, > > I've been testing W3AF for some weeks now, as part of a large project > concerning web application security and web application vulnerability > scanning. W3AF is one of my absolute favorites of the tools tested, but > recently I've got some problems when scanning my "known vulnerable test > site" for SQL Injections. > > In order to check how the tool manage blind SQL injections my test site has > been modified to not show database error messages (MySQL-database). When the > blindSqli plugin is enabled it only returns:" Too many retries when trying > to get: . URL.". I've tried to tune both blindSqli-plugin settings and > http-settings, but I still get the same result. > > Any ideas on what the problem is, and how to get the plugin to work > properly? Are you using some kind of IPS, that could be closing TCP connections based on the packet payloads? No, there are no IPS. The test server is only protected by IP restrictions. Cheers, Marthe Engebretsen > > ------------------------------------------------------------------------------ > Enter the BlackBerry Developer Challenge > This is your chance to win up to $100,000 in prizes! For a limited time, > vendors submitting new applications to BlackBerry App World(TM) will have > the opportunity to enter the BlackBerry Developer Challenge. See full prize > details at: http://p.sf.net/sfu/Challenge > _______________________________________________ > W3af-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/w3af-users > > -- Andrés Riancho Founder, Bonsai - Information Security http://www.bonsai-sec.com/ http://w3af.sf.net/ ------------------------------------------------------------------------------ Enter the BlackBerry Developer Challenge This is your chance to win up to $100,000 in prizes! For a limited time, vendors submitting new applications to BlackBerry App World(TM) will have the opportunity to enter the BlackBerry Developer Challenge. See full prize details at: http://p.sf.net/sfu/Challenge _______________________________________________ W3af-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/w3af-users
