#21 1.0RC1 - Questionable "finds"/possible infinite loop?

open
5
2009-12-16
2009-12-16
Anonymous
No

I'm seeing a lot of "questionable" findings. When recursive mode is enabled, they can be problematic. For example:
/dir1/ -- legit
/dir1// -- same as /dir1/
/dir1/(cwfyrsrad5l2zzedhfxwqm45)/ -- same as /dir1/
/dir1//(fuzwqe55k3i2bi3axm21yq55)/ -- same as /dir1/

From here, it gets worse. If recursive is on, /dir1// will be tested and eventually it will find /dir1/// which is the same as /dir1/. This is true for all three of those.

I'm not sure this is a code problem, but perhaps more that those 3 tests should be removed from the files? I realize these could be legitimate finds, but those cases are going to be extremely rare compared to the problems it finds, IMO.

Discussion

  • Simon Bennetts
    2010-11-10

    I get the same problem with 1.0RC1 when scanning Tomcat servers.
    DirBuster finds directories like:
    /admin
    //admin
    ///admin
    admin/
    admin//
    admin///

    etc., and seems to go into an infinite loop.
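
One way a recursive scanner can avoid the loop reported in this thread, as an added example (not DirBuster's own code and not from either poster): canonicalise each hit before queueing it, so `/dir1//` and `/dir1/(token)/` are recorded as aliases of `/dir1/` instead of being recursed into. `canonical_dir`, `recursive_scan`, `probe`, the constructed server and the wordlist are hypothetical, and it assumes the server really does serve the parent directory for those spellings.

```python
import re
from collections import deque

# Matches the two parenthesised 24-character segments quoted in the report.
# Assumption: the server serves the parent directory for such a segment.
TOKEN_SEGMENT = re.compile(r"^\([a-z0-9]{24}\)$")

def canonical_dir(path):
    """Drop empty segments (repeated slashes) and token segments."""
    parts = [s for s in path.split("/") if s and not TOKEN_SEGMENT.match(s)]
    return "/" + "/".join(parts) + ("/" if parts else "")

def recursive_scan(probe, wordlist, start="/", max_depth=5):
    """Breadth-first scan that recurses into each canonical directory once.
    probe(path) -> bool is a hypothetical callback: True if the server
    answered the request as an existing directory."""
    root = canonical_dir(start)
    seen, queue = {root}, deque([(root, 0)])
    found, aliases = [], []
    while queue:
        base, depth = queue.popleft()
        for word in wordlist:
            candidate = base + word + "/"
            if not probe(candidate):
                continue
            canon = canonical_dir(candidate)
            if canon in seen:
                aliases.append(candidate)  # known directory, other spelling
                continue
            seen.add(canon)
            found.append(canon)
            if depth + 1 < max_depth:      # hard stop even if aliasing is missed
                queue.append((canon, depth + 1))
    return found, aliases

# Constructed stand-in for a server that ignores extra slashes and tokens.
REAL_DIRS = {"/", "/dir1/", "/dir1/sub/"}

def fake_probe(path):
    return canonical_dir(path) in REAL_DIRS

# Constructed wordlist; "" reproduces the "/dir1//" request from the report.
WORDLIST = ["dir1", "sub", "", "(cwfyrsrad5l2zzedhfxwqm45)"]

if __name__ == "__main__":
    found, aliases = recursive_scan(fake_probe, WORDLIST)
    print("directories:", found)
    print("aliases not recursed into:", aliases)
```

Aliases are kept in a separate list rather than discarded, so the rare case where such a path is a distinct resource can still be reviewed by hand.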