Hi,
I recently noticed (though they are a couple of months old - so maybe
this has already been added to w3af?) these vulnerabilities which
potentially is quite common on PHP :
http://sirdarckcat.blogspot.com/2009/10/couple-of-unicode-issues-on-php-and.html
Basically, PHP which relies on a filter
Floyd,
On Wed, Dec 23, 2009 at 11:03 AM, Floyd Fuh wrote:
> Hey Andres and list
>
>>> Floyd,
>>>
>>> On Mon, Dec 21, 2009 at 11:58 AM, Floyd Fuh wrote:
>>> > Andres,
>>> >
>>> > Your suggestion will work alright as long as there is no
>>> > word with two different meanings. Means if
>>> > there
Hey Andres and list
>> Floyd,
>>
>> On Mon, Dec 21, 2009 at 11:58 AM, Floyd Fuh wrote:
>> > Andres,
>> >
>> > Your suggestion will work alright as long as there is no
>> > word with two different meanings. Means if
>> > there is no word which means something in one language
>> > and something c
em I see is that
the implementation of such a feature could be really hard, given that
w3af uses threads and maybe one thread runs in position 1 on run #1,
but runs in position 3 on run #2.
>
> cheers
> floyd
>
> PS: Andres, I'm still answering your other mail :)
hehe, ok.
>
other mail :)
Von: Andres Riancho
An: Floyd Fuh
CC: w3af-develop@lists.sourceforge.net
Gesendet: Montag, den 21. Dezember 2009, 13:09:13 Uhr
Betreff: Re: [W3af-develop] FormFiller
Floyd,
On Mon, Dec 21, 2009 at 9:04 AM, Floyd Fuh wrote:
> Hi Andres and list
>
Floyd, Andres,
can someone please enlight me on the pupose of the FormFiller,
before I start posting unqualified comments.
Is it just fill forms with some kind of usefull values so that
w3af gets the next step in the application?
Or is it some kind of fuzzing the form?
For the first (some usefull
Achim,
On Mon, Dec 21, 2009 at 9:20 AM, Achim Hoffmann wrote:
> Floyd, Andres,
>
> can someone please enlight me on the pupose of the FormFiller,
> before I start posting unqualified comments.
> Is it just fill forms with some kind of usefull values so that
> w3af gets the next step in the applic
like this:
match = ''
for word in word_list:
for parameter in parameter_list:
if word in parameter and len(word) > len(match):
match = word
What do you think? With something like this we would be matching to
the longest match, thus the problems you mention would dissa
What do you think?
cheers
floyd
____
Von: Andres Riancho
An: Floyd Fuh
CC: w3af-develop@lists.sourceforge.net
Gesendet: Montag, den 21. Dezember 2009, 12:29:25 Uhr
Betreff: Re: [W3af-develop] FormFiller
Floyd,
On Mon, Dec 21, 2009 at 5:26 AM, Floyd Fuh wrote
uh
> CC: w3af-develop@lists.sourceforge.net
> Gesendet: Donnerstag, den 17. Dezember 2009, 17:10:23 Uhr
> Betreff: Re: [W3af-develop] FormFiller
>
> Floyd,
>
> On Thu, Dec 17, 2009 at 12:18 PM, Floyd Fuh wrote:
>> Hi list
>>
>> I had a look at the core.data.fu
Von: Andres Riancho
An: Floyd Fuh
CC: w3af-develop@lists.sourceforge.net
Gesendet: Donnerstag, den 17. Dezember 2009, 17:10:23 Uhr
Betreff: Re: [W3af-develop] FormFiller
Floyd,
On Thu, Dec 17, 2009 at 12:18 PM, Floyd Fuh wrote:
> Hi list
>
> I had a look at the core.data.fuzzer.f
Floyd,
On Thu, Dec 17, 2009 at 12:18 PM, Floyd Fuh wrote:
> Hi list
>
> I had a look at the core.data.fuzzer.formFiller. Wouldn't it be better if
> a password field is always filled with the same value (for example
> w3af-FrAmEW0rK.)?
> Because sometimes you have to fill in the same password twic
Hi list
I had a look at the core.data.fuzzer.formFiller. Wouldn't it be better if
a password field is always filled with the same value (for example
w3af-FrAmEW0rK.)?
Because sometimes you have to fill in the same password twice (for example in a
register
form). I did it for my local version an
13 matches
Mail list logo
