Hi Andres,
Oh I think I know why. I put DVWA-1.0.7.zip at the web root, and had the
content of it extracted to dvwa folder.
So if I point to the webserver IP, I would get a directory listing of the
DVWA-1.0.7.zip and the dvwa folder. And somehow the audit rfi plugins tried
inject something to DVWA-1.0.7.zip (I turned on the fuzz url option).
Could that be the caused of it?
> From: [email protected]
> Date: Mon, 17 Jun 2013 09:26:29 -0300
> Subject: Re: [W3af-users] The exception was: "Invalid URL"
> To: [email protected]
> CC: [email protected]
>
> Zuhdi,
>
> On Sun, Jun 16, 2013 at 7:27 AM, Zuhdi Najib <[email protected]> wrote:
> > Hi,
> >
> > I get this error when running audit rfi plugins:
> >
> > An exception was found while running audit.rfi on
> > "http://domain/DVWA-1.0.7.zip | Method: GET". The exception was: "Invalid
> > URL "dvwa-http:/w3af.org/rfi.html.0.7.zip"" at pool.py:next():626. The scan
> > will continue but some vulnerabilities might not be identified.
> >
> > Any thoughts on this?
>
> Looks strange to me too. What's the content of "DVWA-1.0.7.zip" ? Is
> that publicly available? (I know about DVWA, but maybe you're doing
> something extra?)
>
> >
> >
> > ------------------------------------------------------------------------------
> > This SF.net email is sponsored by Windows:
> >
> > Build for Windows Store.
> >
> > http://p.sf.net/sfu/windows-dev2dev
> > _______________________________________________
> > W3af-users mailing list
> > [email protected]
> > https://lists.sourceforge.net/lists/listinfo/w3af-users
> >
>
>
>
> --
> Andrés Riancho
> Project Leader at w3af - http://w3af.org/
> Web Application Attack and Audit Framework
> Twitter: @w3af
> GPG: 0x93C344F3
------------------------------------------------------------------------------
This SF.net email is sponsored by Windows:
Build for Windows Store.
http://p.sf.net/sfu/windows-dev2dev
_______________________________________________
W3af-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/w3af-users
