Ali,

You can use curl -H"test: ..." http://foo.com/ to verify

Replace ... with the bash exploit

On Thu, Sep 25, 2014 at 2:11 PM, Ali Khalfan <ali.khal...@gmail.com> wrote:
> Andres,
> Is there a way I could manually verify a url? (as in using Nmap or wget and
> checking the response)
>
> I did it twice on a url and once it says it was vulnerable and the other
> says it wasn't
>
> On ٢٥ سبتمبر، ٢٠١٤ ٧:١٨:٣٦ م GMT+03:00, Andres Riancho
> <andres.rian...@gmail.com> wrote:
>>
>> Check the github repository issues, mailing list, etc. This issue (for
>> mac?) has workarounds documented somewhere
>>
>> On Thu, Sep 25, 2014 at 1:04 PM, Ali Khalfan <ali.khal...@gmail.com>
>> wrote:
>>>
>>>  i keep trying to run the git version of w3af and it says that phply is
>>>  missing, yet I have it:
>>>
>>>
>>>
>>>  /usr/local/lib/python2.7/dist-packages/phply-0.9.1-nspkg.pth
>>>  /usr/local/lib/python2.7/dist-packages/phply-0.9.1.egg-info
>>>  /usr/local/lib/python2.7/dist-packages/phply.egg-link
>>>  /usr/local/lib/python2.7/dist-packages/phply/phpast.py
>>>  /usr/local/lib/python2.7/dist-packages/phply/phpast.pyc
>>>  /usr/local/lib/python2.7/dist-packages/phply/phplex.py
>>>  /usr/local/lib/python2.7/dist-packages/phply/phplex.pyc
>>>
>>> /usr/local/lib/python2.7/dist-packages/phply/phpparse.py
>>>  /usr/local/lib/python2.7/dist-packages/phply/phpparse.pyc
>>>  /usr/local/lib/python2.7/dist-packages/phply/pythonast.py
>>>  /usr/local/lib/python2.7/dist-packages/phply/pythonast.pyc
>>>  /usr/local/lib/python2.7/dist-packages/phply-0.9.1.egg-info/PKG-INFO
>>>  /usr/local/lib/python2.7/dist-packages/phply-0.9.1.egg-info/SOURCES.txt
>>>
>>> /usr/local/lib/python2.7/dist-packages/phply-0.9.1.egg-info/dependency_links.txt
>>>
>>> /usr/local/lib/python2.7/dist-packages/phply-0.9.1.egg-info/installed-files.txt
>>>
>>> /usr/local/lib/python2.7/dist-packages/phply-0.9.1.egg-info/namespace_packages.txt
>>>  /usr/local/lib/python2.7/dist-packages/phply-0.9.1.egg-info/not-zip-safe
>>>  /usr/local/lib/python2.7/dist-packages/phply-0.9.1.egg-info/requires.txt
>>>
>>> /usr/local/lib/python2.7/dist-packages/phply-0.9.1.egg-info/top_level.txt
>>>
>>>
>>>  On
>>> 09/25/2014 03:22 PM, Andres Riancho wrote:
>>>>
>>>>  List,
>>>>
>>>>      Take a look at the w3af plugin I've just finished coding [0], it
>>>>  detects shell shock vulnerabilities by using time delays. Pull
>>>>  requests with improvements are welcome :)
>>>>
>>>>  [0] https://gist.github.com/andresriancho/4ef11d75c1f517c24f94
>>>>
>>>>  Regards,
>>>
>>>
>>>
>>> ________________________________
>>>
>>>  Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer
>>>  Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports
>>>  Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper
>>>  Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer
>>>
>>> http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk
>>> ________________________________
>>>
>>>  W3af-users mailing list
>>>  W3af-users@lists.sourceforge.net
>>>  https://lists.sourceforge.net/lists/listinfo/w3af-users
>>
>>
>>
>
> --
> Sent from my Android device with K-9 Mail. Please excuse my brevity.



-- 
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3

------------------------------------------------------------------------------
Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer
Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports
Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper
Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer
http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk
_______________________________________________
W3af-users mailing list
W3af-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-users

Reply via email to