Ryan,
On Mon, Jun 8, 2009 at 8:26 PM, Ryan Dewhurst<[email protected]> wrote:
> 2009/6/8 Andres Riancho <[email protected]>:
>> Ryan,
>>
>> On Mon, Jun 8, 2009 at 4:50 PM, Ryan Dewhurst<[email protected]> wrote:
>>> I have implemented the re and data checker, to compare them both and
>>> output as appropriate.
>>
>> That part seems to be ok,
>>
>>> Seems to be working however in KB the request/response windows are
>>> incorrect.
>>
>> Could you elaborate more on this?
>>
>
> If you look at the kb info the request/response windows after the
> plugin has run it shows inacurate HTTP request/responses.
>
> i.e. the version was found from the regular expression in the
> index.php header, the request/response window will show the http
> request/response for one of the files in the database rather than the
> correct index.php.
>
> Im finding the above hard to explain, ill take a screenshot to elaborate more.
Or just tell me a URL where I can run w3af on with your plugin
enabled, and I'll be able to verify this by myself.
>> Related:
>> - You didn't used the version in the SVN to create the new
>> version, they are some inconsistencies. Please use the SVN version to
>> build from it.
>
> I did use the SVN version.
No you didn't, SVN version has something like:
self._version = None
Which is a modification I introduced, and you sent a version that has "the old":
self._version = 'None'
Also, please remember to use the correct settings regarding
indentation, the plugin you sent on Mon, Jun 8, 2009 at 4:50 PM uses
tabs for indentations in some sections, and 4-spaces in some other
sections.
>> - It doesn't make sense to check for index.php instead of
>> wp-login.php , the index.php would be a match for almost every web
>> application running PHP. The idea is to check for wp-login.php to be
>> able to be more performant and don't request all files in the
>> fingerprint database for every directory in the web application.
>>
>> Cheers,
>>
>
> It does check for wp-login.php rather than index.php.
>
> # Main scan URL passed from w3af + unique wp file
> wp_unique_url = urlParser.getDomainPath( fuzzableRequest.getURL() ) +
> '/wp-login.php'
> response = self._urlOpener.GET( wp_unique_url, useCache=True )
>
> # If wp_unique_url is not 404, wordpress = true
> if not is_404( response ):
>
> Am I missing the point?
No, sorry, I was wrong, I read the plugin code too fast.
Cheers,
> Ryan
>
>>> Ryan
>>>
>>
>>
>>
>> --
>> Andrés Riancho
>> Founder, Bonsai - Information Security
>> http://www.bonsai-sec.com/
>> http://w3af.sf.net/
>>
>
--
Andrés Riancho
Founder, Bonsai - Information Security
http://www.bonsai-sec.com/
http://w3af.sf.net/
------------------------------------------------------------------------------
Crystal Reports - New Free Runtime and 30 Day Trial
Check out the new simplified licensing option that enables unlimited
royalty-free distribution of the report engine for externally facing
server and web deployment.
http://p.sf.net/sfu/businessobjects
_______________________________________________
W3af-develop mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/w3af-develop
