Hi, I've recently started using the w3af scanner and love it! I'd like to
contribute some code to the project and am wondering how to go about this?
I've written 2 new discovery plugins; one is a wordpress theme auditor.
Many wordpress vulnerabilities are theme specific, this plugin finds the
running theme on a blog, attempts to find installed but not running themes
by enumerating popular theme names from a list and for any themes found,
runs tests to see if they are vulnerable to common vulnerabilities. Right
now I have all of the Woo themes in the theme list and it checks for a new
vulnerability that is common to all of them (WooThemes shortcode
vulnerability). It is very easy to extend to new themes and vulnerabilities
and I plan on adding more.
The second is another discovery plugin that looks for misconfigured adobe
crossdomain.xml files. Details on this problem can be found here
http://jeremiahgrossman.blogspot.ca/2008/05/crossdomainxml-invites-cross-site.html
Thanks!
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop
