Hi Andres

Thank you for your immediate reply and your explanation.
I have checked my environment; my w3af version is w3af rc2svn3180-1.
I have only enabled webSpider and lfi. I will install the latest w3af version.

2012/2/21 Andres Riancho <[email protected]>

> On Tue, Feb 21, 2012 at 10:58 AM, Andres Riancho
> <[email protected]> wrote:
> > On Tue, Feb 21, 2012 at 10:36 AM, sechat blue <[email protected]> wrote:
> >> Hi List
> >>
> >> I ran a first scan of testasp.vulnweb.com with w3af, and I think the w3af lfi
> >> module missed one vuln:
> >> http://testasp.vulnweb.com/Templatize.asp?item=Templatize.asp
> >>
> >> What about resolving it?
> >
> > Sounds simple, but it is not :( I can't say without scanning the site
> > but I bet that the problem is not in the local file read detection [0]
> > but in the web crawling feature. In order to identify the
> > vulnerability, we first need to find the "item" parameter in
> > "Templatize.asp", and that first step (in my very quick assumption) is
> > what is failing. If w3af is failing to find that link/parameter it's
> > most likely because of some javascript. Let me scan this for a while
> > and I'll let you know.
>
> After a scan I've found that in the latest w3af version the
> vulnerability you mention IS found; so... we're identifying the link
> AND the vulnerability in the specific parameter. Which w3af version
> are you using? Which plugins are you enabling? In my case it is SVN
> version 4694 and discovery.webSpider and audit.*
>
> > [0] http://sourceforge.net/apps/trac/w3af/browser/trunk/plugins/audit/localFileInclude.py
> >
> >> Thanks
> >>
> >>
> >> _______________________________________________
> >> W3af-users mailing list
> >> [email protected]
> >> https://lists.sourceforge.net/lists/listinfo/w3af-users
> >>
> >
> >
> >
> > --
> > Andrés Riancho
> > Director of Web Security at Rapid7 LLC
> > Founder at Bonsai Information Security
> > Project Leader at w3af
>
>
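
An added illustration (not from the thread and not w3af code) of the dependency Andres describes: an audit plugin can only test parameters that the crawl discovered first. The host app.example, both page bodies and the helper names are constructed for this sketch, and it uses Python's standard html.parser rather than w3af's webSpider.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit, parse_qsl


class LinkParser(HTMLParser):
    """Collect URLs from href/src/action attributes only, like a static spider."""

    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.urls = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src", "action") and value:
                self.urls.append(urljoin(self.base_url, value))


def injection_points(base_url, html):
    """Return the (path, parameter) pairs a static crawl would pass to audit plugins."""
    parser = LinkParser(base_url)
    parser.feed(html)
    points = set()
    for url in parser.urls:
        parts = urlsplit(url)
        for param, _ in parse_qsl(parts.query, keep_blank_values=True):
            points.add((parts.path, param))
    return points


def never_audited(expected, discovered):
    """Parameters known to exist that the crawl never reached, so no plugin tested them."""
    return sorted(expected - discovered)


# Constructed sample input: the same link as plain markup and built by a script.
BASE = "http://app.example/"
STATIC_PAGE = '<a href="Templatize.asp?item=html/about.html">About</a>'
SCRIPTED_PAGE = """<a href="Default.asp">Home</a>
<script>
  var page = "Templatize.asp?item=" + "html/about.html";
  document.getElementById("nav").onclick = function () { location.href = page; };
</script>"""
EXPECTED = {("/Templatize.asp", "item")}

if __name__ == "__main__":
    for label, body in (("static", STATIC_PAGE), ("scripted", SCRIPTED_PAGE)):
        missed = never_audited(EXPECTED, injection_points(BASE, body))
        print(label, "coverage gap:", missed)
```

Comparing the crawler's discovered parameters against a known inventory like this separates a crawl gap from a detection gap before blaming the audit plugin.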