On Tue, Feb 21, 2012 at 10:36 AM, sechat blue <[email protected]> wrote:
> Hi List
>
> i through w3af first scan for testasp.vulnweb.com , i think w3af lfi module
> miss the one vuln
> http://testasp.vulnweb.com/Templatize.asp?item=Templatize.asp
>
> what about resolve it ?

Sounds simple, but it is not :(

I can't say without scanning the site but I bet that the problem is not in the local file read detection [0] but in the web crawling feature. In order to identify the vulnerability, we first need to find the "item" parameter in "Templatize.asp", and that first step (in my very quick assumption) is what is failing.

If w3af is failing to find that link/parameter it's most likely because of some javascript. Let me scan this for a while and I'll let you know.

[0] http://sourceforge.net/apps/trac/w3af/browser/trunk/plugins/audit/localFileInclude.py

> Thanks

--
Andrés Riancho
Director of Web Security at Rapid7 LLC
Founder at Bonsai Information Security
Project Leader at w3af

_______________________________________________
W3af-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/w3af-users
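The point made in the reply above, as an added example (not w3af code and not part of the original thread): a crawler that only reads HTML attributes never sees a parameter that exists only inside JavaScript, so no audit check is ever run against it. The host name, page content and the `openItem` function are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import parse_qs, urljoin, urlsplit

BASE_URL = "http://site.example/"  # constructed host, not the real target

# Constructed page: "item" appears only in a URL assembled by JavaScript.
SAMPLE_HTML = """
<html><body>
<a href="/Search.asp?tfSearch=test">Search</a>
<a href="/Templatize.asp">Templates</a>
<script>
  function openItem(name) { window.location = "Templatize.asp?item=" + name; }
</script>
<a onclick="openItem('about.html')">About</a>
</body></html>
"""


class LinkExtractor(HTMLParser):
    """Collects URLs from href/src/action attributes; scripts are never run."""

    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.urls = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src", "action") and value:
                self.urls.append(urljoin(self.base_url, value))


def discovered_parameters(base_url, html):
    """Map each crawled path to the query parameter names a static crawl sees."""
    parser = LinkExtractor(base_url)
    parser.feed(html)
    found = {}
    for url in parser.urls:
        parts = urlsplit(url)
        names = set(parse_qs(parts.query, keep_blank_values=True))
        found.setdefault(parts.path, set()).update(names)
    return found


if __name__ == "__main__":
    for path, names in sorted(discovered_parameters(BASE_URL, SAMPLE_HTML).items()):
        print(path, sorted(names) or "(no parameters found)")
```

When reviewing scanner coverage, compare this kind of parameter inventory against the application's known entry points before trusting a clean audit result.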
