Hey Shreyas,
According to the output of "report-full audit.html" there was a connection
issue. There were a number of 'HTTP timeout errors'.
The sqli plugin got an error while requesting "
http://demo.testfire.net/subscribe.aspx";. Reason: "HTTP timeout error"
rror"
Thx,
ad^2
On Wed, Oct 12, 2016 at 2:34 AM, Shreyas M R <shreyas7...@gmail.com> wrote:
> Hi,
>
> Thanks for suggestions ad^2
> Sorry for late reply
>
> 1) I have used w3af version: 1.6.54
> 2) I used console to do the scan as gui hangs sometimes
> 3) I used Full audit profile (other than this i didnt not use any plugins
> or exploit)
> 4) scan output I'm sharing as attachment
>
>
> the steps I followed are
> profiles Full audit
> plugins output html_file, csv_file
> target set target http://demo.testfire.net
> start
>
> I have different output for same profile and same target.
>
> Please help me out in this
>
> Thanks
> Shreyas
>
>
>
>
>
>
> [image: --]
>
> Shreyas M R
> [image: http://]about.me/shreyasmrs
> <http://about.me/shreyasmrs?promo=email_sig>
>
>
> On Wed, Oct 5, 2016 at 9:15 PM, ad^2 <adsquai...@gmail.com> wrote:
>
>> Hello,
>>
>> First, it's always good to include the steps you used to reproduce the
>> issue reported. Help us the community help you by providing more details
>> and things you have tried.
>>
>> What version of w3af?
>> GUI or Console?
>> Your selection of plugins/profiles/exploits, etc.? (you mentioned OWASP
>> top 10).
>> What is the output of the scan?
>>
>>
>> Try this and let me know if you find something interesting.
>>
>> w3af -s testfire.w3af.script
>>
>> [testfire script file contents]
>>
>> profiles use audit_high_risk
>> plugins output html_file
>> plugins output config html_file
>> set output_file /root/testfire.html
>> back
>> plugins audit blind_sqli sqli
>> target set target http://demo.testfire.net
>> start
>>
>>
>>
>>
>> Thx,
>>
>> ad^2
>>
>>
>>
>>
>> On Wed, Oct 5, 2016 at 1:59 AM, Shreyas M R <shreyas7...@gmail.com>
>> wrote:
>>
>>> Hi,
>>>
>>> I'm using w3af owasp top10 profile on http://demo.testfire.net/ which
>>> has sqli and xss vulnerabilities. I'm not getting any vulnerabilities from
>>> w3af scan. please anyone help me out in this.
>>>
>>>
>>>
>>>
>>> [image: --]
>>>
>>> Shreyas M R
>>> [image: http://]about.me/shreyasmrs
>>> <http://about.me/shreyasmrs?promo=email_sig>
>>>
>>>
>>> ------------------------------------------------------------
>>> ------------------
>>> Check out the vibrant tech community on one of the world's most
>>> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
>>> _______________________________________________
>>> W3af-users mailing list
>>> W3af-users@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/w3af-users
>>>
>>>
>>
>
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
W3af-users mailing list
W3af-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-users
