
#617 findBackdoor plugin asserts vulnerability on shtml checks.

Milestone: 1.0-rc1
Status: closed
Owner: nobody
Labels: Plugins (112)
Priority: 7
Updated: 2009-04-02
Created: 2009-03-22
Creator: methodvue
Private: No

Running 1.0-rc1 on a Mac OS X system with Python 2.5 and all pre-requisites installed.

When iterating through all of the _vti_bin/shtml.exe checks, the plugin asserts that all backdoor vulnerabilities are present (168 total reported shtml.exe vulnerabilities):

[snip]
[Sun Mar 22 19:00:22 2009] Fingerprinted this host as a *nix system. Detection for this operating system is weak, "if not windows: is linux". This information was found in the requests with ids 8045 and 8046.
[Sun Mar 22 19:01:21 2009] A web backdoor was found at: http://example.server.bug/_vti_bin/shtml.exe/php-backdoor.php ; this could indicate that your server was hacked. This vulnerability was found in the request with id 10063.
[Sun Mar 22 19:01:21 2009] A web backdoor was found at: http://example.server.bug/_vti_bin/shtml.exe/simple-backdoor.php ; this could indicate that your server was hacked. This vulnerability was found in the request with id 10064.
[Sun Mar 22 19:01:21 2009] A web backdoor was found at: http://example.server.bug/_vti_bin/shtml.exe/cmd.php ; this could indicate that your server was hacked. This vulnerability was found in the request with id 10065.

...

Details are attached to this report.

Discussion

  • methodvue

    methodvue - 2009-03-22

    Output from backdoor plugin's _vti_bin checks.

  • methodvue

    methodvue - 2009-03-22
    • priority: 5 --> 7
    • summary: findBackdoor plugin asserts vulnerability on all checks. --> findBackdoor plugin asserts vulnerability on shtml checks.
  • methodvue

    methodvue - 2009-03-22

    Comment #1: The server being scanned returns an "OK - 200" status with a custom error page for the plugin checks. This may indicate the plugin is looking for a "404" to validate that the path is invalid.

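    The false-positive pattern described in Comment #1 (a server that answers every unknown path with 200 and a custom error page), with an added example of how a scanner can tell a real hit from that error page. This is illustration code written for this ticket, not w3af's own findBackdoor or is_404 implementation; `fake_server`, the probe names and the error page template are constructed stand-ins, and the similarity threshold is an assumed value.

```python
import random
import string
from difflib import SequenceMatcher

# Constructed stand-in for the server in the ticket: 200 for everything,
# and a custom "not found" page that echoes the requested path.
CUSTOM_ERROR = ("<html><body><h1>Sorry, we could not find that page</h1>"
                "<p>Requested: {path}</p></body></html>")

def fake_server(path):
    """Hypothetical fetch(): returns (status, body). Only one path is a real hit."""
    if path == "/_vti_bin/shtml.exe/cmd.php":
        return 200, "<html><body><form><input name='cmd'></form></body></html>"
    return 200, CUSTOM_ERROR.format(path=path)

def random_path(prefix):
    # A path that cannot exist, used to sample the site's "not found" behaviour.
    token = "".join(random.choice(string.ascii_lowercase) for _ in range(12))
    return "%s/%s.php" % (prefix, token)

def learn_not_found(fetch, prefix, samples=3):
    """Fetch a few impossible paths and keep their bodies as the error-page signature."""
    return [fetch(random_path(prefix))[1] for _ in range(samples)]

def looks_like_not_found(body, signatures, threshold=0.8):
    # The echoed path varies between samples, so compare by similarity, not equality.
    # 0.8 is an assumed threshold; real scanners tune this per target.
    return any(SequenceMatcher(None, body, sig).ratio() >= threshold
               for sig in signatures)

def naive_checks(fetch, prefix, names):
    """The behaviour reported in the ticket: any 200 counts as a backdoor."""
    return [n for n in names if fetch("%s/%s" % (prefix, n))[0] == 200]

def validated_checks(fetch, prefix, names):
    """Report a hit only when the 200 response does not match the learned error page."""
    signatures = learn_not_found(fetch, prefix)
    hits = []
    for name in names:
        status, body = fetch("%s/%s" % (prefix, name))
        if status == 200 and not looks_like_not_found(body, signatures):
            hits.append(name)
    return hits
```

    Against `fake_server`, `naive_checks` reports all three probes while `validated_checks` reports only the constructed `cmd.php` page.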
  • Andres Riancho

    Andres Riancho - 2009-03-31

    Could you please try to:

    - Get the latest version of w3af from the svn
    - run the scan again

    I think that I fixed this... but I'm not 100% and your test could verify it =)

  • methodvue

    methodvue - 2009-04-02

    Verified as fixed on mainline.

  • methodvue

    methodvue - 2009-04-02
    • status: open --> closed