Re: [W3af-users] W3af Owasp top 10 scan question

Wed, 07 Dec 2011 02:45:32 -0800 

Mark,

On Tue, Dec 6, 2011 at 12:15 PM, Markb <[email protected]> wrote:
> When scanning a local IIS server I see an expandable tree entitled
> "mails."  It has several entries like:
>
> "The mail account: "buyersecure41@41" was found in the MIT PKS server"
>
> How do I interpret this?

    Good question :)

    First of all, it looks like a false positive. I'll explain how it got there:

- Most likely you put an IP address as the target
- Started the scan with fingerPKS enabled
- fingerPKS searched for the IP address in the MIT PKS server, which
returned a bunch of results (for some reason)
- fingerPKS failed to validate that the result was a valid one and
simply added it to the email list

    Just added that final step of verification to the code. This issue
should be fixed in r4527. Please update to the latest version and run
the scan again. Let me know if the bogus result is still there.

Regards,

> ------------------------------------------------------------------------------
> Cloud Services Checklist: Pricing and Packaging Optimization
> This white paper is intended to serve as a reference, checklist and point of
> discussion for anyone considering optimizing the pricing and packaging model
> of a cloud services business. Read Now!
> http://www.accelacomm.com/jaw/sfnl/114/51491232/
> _______________________________________________
> W3af-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/w3af-users



-- 
Andrés Riancho
Director of Web Security at Rapid7 LLC
Founder at Bonsai Information Security
Project Leader at w3af

------------------------------------------------------------------------------
Cloud Services Checklist: Pricing and Packaging Optimization
This white paper is intended to serve as a reference, checklist and point of 
discussion for anyone considering optimizing the pricing and packaging model 
of a cloud services business. Read Now!
http://www.accelacomm.com/jaw/sfnl/114/51491232/
_______________________________________________
W3af-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/w3af-users

Reply via email to