Dennis,
The debian package doesn't contain the latest changes, while the windows
version from the svn does. I can't find another explanation, cause 99% of
the framework was developed to be cross platform. Can you confirm by running
the latest version in lenny?
Regards,
--
Andres Riancho
El oct 18, 2010 7:05 p.m., "Antunes, Dennis" <[email protected]>
escribió:
All, I am wondering if any of you have experienced this. I have been
attempting to bruteforce the admin page of DVWA 1.07.
Consider the following requests:
Request A; being regularly generated on Debian Lenny, from w3af console and
gui v1.0-rc3svn3489-1 pkgs as well as the latest version from svn (3622):
POST /dvwa/login.php HTTP/1.1
Accept-encoding: identity
Accept: */*
User-agent: w3af.sourceforge.net
Host: 192.168.1.206
Cookie: security=high; PHPSESSID=2f63t6u8k9lt2csju28t2hkd74
Content-type: application/x-www-form-urlencoded
Content-Length: 32
username=admin&password=password
Request B; generated from a Win 7 box (of all things) with the latest
version from svn:
POST /dvwa/login.php HTTP/1.1
Accept-encoding: identity
Accept: */*
User-agent: w3af.sourceforge.net
Host: 192.168.1.206
Cookie: path=/, security=high; PHPSESSID=ktmt2qovchfa6bti9r1m238vo6;
Content-type: application/x-www-form-urlencoded
Content-Length: 44
username=admin&Login=Login&password=password
Bruteforce is of course failing from Lenny, while working flawlessly on the
Win7 box. Two differences are clear: The POST from Lenny does not include
the Login parameter. The cookie path is also not set.
The question is why. I’ve of course checked and double-checked dependencies
and diff’d the configs to ensure they are identical. At this point I am out
of ideas.
Hoping someone out there can/will help.
Thanks,
Dennis
------------------------------------------------------------------------------
Download new Adobe(R) Flash(R) Builder(TM) 4
The new Adobe(R) Flex(R) 4 and Flash(R) Builder(TM) 4 (formerly
Flex(R) Builder(TM)) enable the development of rich applications that run
across multiple browsers and platforms. Download your free trials today!
http://p.sf.net/sfu/adobe-dev2dev
_______________________________________________
W3af-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/w3af-users
------------------------------------------------------------------------------
Download new Adobe(R) Flash(R) Builder(TM) 4
The new Adobe(R) Flex(R) 4 and Flash(R) Builder(TM) 4 (formerly
Flex(R) Builder(TM)) enable the development of rich applications that run
across multiple browsers and platforms. Download your free trials today!
http://p.sf.net/sfu/adobe-dev2dev
_______________________________________________
W3af-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/w3af-users
