Adi, Taras,

On Fri, Jan 29, 2010 at 7:54 AM, Adi Mutu <adi_mut...@yahoo.com> wrote:
> Hello,
>
> Taras, thanks for citing me, I feel proud :)
> Now back to serious business. When I wrote that email about mod_rewrite and
> variations I was thinking of Acunetix also, because that is where I got the
> idea from (and the term 'variation').
>
> Now, I personally think that Andres is exaggerating a little here, saying
> that id=1.....100 could be of a certain type and id=1 would be of a
> different type, like command execution.
> I think there is a very, very small probability of that, but I can
> understand him, trying to make w3af perfect.
>
> If however he would like to cover such a case, I would do something like
> this. A manual discovery of the application by the pentester (yes, manual
> browsing of the website I mean) and if the pentester notices something
> interesting, he could somehow change the behaviour of w3af, telling it what
> links to follow and what not to follow........Yes, I know you're going to say
> that how can he follow 100 links....?.....But there's still a probability that
> something will catch his eye......
> Anyway in the 'default' way I would do it like Acunetix and probably add
> some adjustments like the one above......

Ok, you guys convinced me. We're going to do it like Acunetix, using the
"variations" way. I added this to my personal TODO list, but it's going to
take some time, since I'm starting my vacation tomorrow at 18hs. I'll be
on vacation until Monday 8.

Cheers,

>
> Thanks,
>

--
Andrés Riancho
Founder, Bonsai - Information Security
http://www.bonsai-sec.com/
http://w3af.sf.net/