Holy latency batman! Apparently the tubes have been clogged for a month. ;-)

On 07/15/2010 03:39 PM, Andres Riancho wrote:
> Steven,
>
> On Wed, Jun 9, 2010 at 2:41 PM, Steve Pinkham <[email protected]> wrote:
>> Andres,
>> Are you maintaining the version that is in CVS, or is there later code
>> in another location?
>
> The test environment available at [0] should be the latest version
> of the test scripts. On the other hand, "moth" virtual machine is a
> working implementation of the test environment (mysql, correct
> directory permissions, apache and php set to be vulnerable).
>
> [0] http://w3af.svn.sourceforge.net/viewvc/w3af/extras/testEnv/

Good to know. Since I sent the message I found the flaws were in both the cvs and Moth.

>> I've found lots of problems due to renames and moves and such in the CVS
>> version, and don't want to spend a lot of time creating patches if there
>> is a later fixed version already.
>
> Could you please report these issues in a more detailed way? Thanks!
>

I will.. Unfortunately by now I've forgotten what most of them were.
If you load up moth and browse around you'll find plenty of things that don't work. I like the "LinkChecker" firefox plugin myself.

Here's a few I've turned up:

audit/buffer overflows 404
audit/format strings 404
In the captcha image at http://10.0.10.143/w3af/discovery/find_captcha/
"Fatal error: Call to undefined function imagecreatetruecolor() in /var/www/w3af/discovery/find_captcha/securimage.php on line 478 "
Discovery/test the spider leads to a 404 (s/webSpider/web_spider/)
discovery/secure SWF 404 (core/flash/login.swf perhaps? couldn't find this one)
discovery/google sets and wordnet 404 (looks like it's two separate links now instead of one)
core tests/analyze 404 (s/timeAnalysis/time_analysis/)
core tests/GPC magic quotes 404

--
| Steven Pinkham, Security Researcher |
| http://www.mavensecurity.com |
| GPG public key ID CD31CAFB |

_______________________________________________
W3af-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/w3af-users
