Hello, I think that there may be a bug in the Remote File Inclusion checking of w3af.
It checks for a string that is in a file on the sourceforge website. The string doesn't seem to be displaying the way w3af tries to match it.

In - /w3af/plugins/audit/remoteFileInclude.py

143 - self._rfi_url = 'http://w3af.sourceforge.net/w3af/remoteFileInclude.html'
144 - self._rfi_result = 'w3af is goood!'

The 'http://w3af.sourceforge.net/w3af/remoteFileInclude.html' file displays;

<? echo "w3af "; echo "is goood!"; ?>

Unless w3af is running the PHP first before matching then I don't think it is going to work. I haven't tested.

Ryan Dewhurst
My blog: http://www.ethicalhack3r.co.uk
My project: http://www.dvwa.co.uk
My Twitter: http://www.twitter.com/ethicalhack3r
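Added example, not part of the original message and not w3af's own code: a sketch of how a substring match on the `_rfi_result` value behaves against different response bodies from a tested application, using the two values quoted in the message. The `render_echo_only_php` helper, the `classify_response` function and the sample bodies are constructed assumptions; the helper only emulates the output a PHP interpreter produces for a file made of `echo "literal";` statements.

```python
import re

# Values quoted in the message above.
RFI_RESULT = 'w3af is goood!'
REMOTE_FILE_SOURCE = '<? echo "w3af "; echo "is goood!"; ?>'


def render_echo_only_php(source):
    """Hypothetical helper: emulate interpreter output for PHP blocks that
    contain nothing but echo "literal"; statements."""
    def run_block(match):
        return ''.join(re.findall(r'echo\s+"([^"]*)"\s*;', match.group(1)))
    return re.sub(r'<\?(?:php)?(.*?)\?>', run_block, source, flags=re.S)


def classify_response(body):
    """Classify a response body returned by the application under test."""
    if RFI_RESULT in body:
        # The two echo outputs were concatenated, so the remote file was
        # interpreted by the target rather than just read.
        return 'executed'
    if REMOTE_FILE_SOURCE in body:
        # The file was fetched and shown verbatim; the split string means
        # the marker does not appear contiguously in the raw source.
        return 'source-only'
    return 'not-included'


# Constructed sample response bodies (not captured traffic).
SAMPLES = {
    'target interpreted the file': '<html>' + render_echo_only_php(REMOTE_FILE_SOURCE) + '</html>',
    'target printed the raw file': '<pre>' + REMOTE_FILE_SOURCE + '</pre>',
    'parameter ignored': '<html>Welcome</html>',
}

if __name__ == '__main__':
    for label, body in SAMPLES.items():
        print(f'{label}: {classify_response(body)}')
```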
