Re: [W3af-users] Shell shock plugin for w3af: Done!
Status: Beta
Brought to you by:
andresriancho
Menu
▾
▴
Re: [W3af-users] Shell shock plugin for w3af: Done!
|
From: Ali K. <ali...@gm...> - 2014-09-25 18:05:02
|
thanks, I was wondering I tried with pinc -c 1 , and ping -c 30 didn't notice any difference , would that be significant ? -------- Original Message -------- Subject: Re: [W3af-users] Shell shock plugin for w3af: Done! From: Andres Riancho <and...@gm...> To: Ali Khalfan <ali...@gm...> CC: "w3a...@li..." <w3a...@li...> Date: Thu Sep 25 2014 20:19:36 GMT+0300 (AST) > Ali, > > You can use curl -H"test: ..." http://foo.com/ to verify > > Replace ... with the bash exploit > > On Thu, Sep 25, 2014 at 2:11 PM, Ali Khalfan <ali...@gm...> wrote: >> Andres, >> Is there a way I could manually verify a url? (as in using Nmap or wget and >> checking the response) >> >> I did it twice on a url and once it says it was vulnerable and the other >> says it wasn't >> >> On ٢٥ سبتمبر، ٢٠١٤ ٧:١٨:٣٦ م GMT+03:00, Andres Riancho >> <and...@gm...> wrote: >>> >>> Check the github repository issues, mailing list, etc. This issue (for >>> mac?) has workarounds documented somewhere >>> >>> On Thu, Sep 25, 2014 at 1:04 PM, Ali Khalfan <ali...@gm...> >>> wrote: >>>> >>>> i keep trying to run the git version of w3af and it says that phply is >>>> missing, yet I have it: >>>> >>>> >>>> >>>> /usr/local/lib/python2.7/dist-packages/phply-0.9.1-nspkg.pth >>>> /usr/local/lib/python2.7/dist-packages/phply-0.9.1.egg-info >>>> /usr/local/lib/python2.7/dist-packages/phply.egg-link >>>> /usr/local/lib/python2.7/dist-packages/phply/phpast.py >>>> /usr/local/lib/python2.7/dist-packages/phply/phpast.pyc >>>> /usr/local/lib/python2.7/dist-packages/phply/phplex.py >>>> /usr/local/lib/python2.7/dist-packages/phply/phplex.pyc >>>> >>>> /usr/local/lib/python2.7/dist-packages/phply/phpparse.py >>>> /usr/local/lib/python2.7/dist-packages/phply/phpparse.pyc >>>> /usr/local/lib/python2.7/dist-packages/phply/pythonast.py >>>> /usr/local/lib/python2.7/dist-packages/phply/pythonast.pyc >>>> /usr/local/lib/python2.7/dist-packages/phply-0.9.1.egg-info/PKG-INFO >>>> /usr/local/lib/python2.7/dist-packages/phply-0.9.1.egg-info/SOURCES.txt >>>> >>>> /usr/local/lib/python2.7/dist-packages/phply-0.9.1.egg-info/dependency_links.txt >>>> >>>> /usr/local/lib/python2.7/dist-packages/phply-0.9.1.egg-info/installed-files.txt >>>> >>>> /usr/local/lib/python2.7/dist-packages/phply-0.9.1.egg-info/namespace_packages.txt >>>> /usr/local/lib/python2.7/dist-packages/phply-0.9.1.egg-info/not-zip-safe >>>> /usr/local/lib/python2.7/dist-packages/phply-0.9.1.egg-info/requires.txt >>>> >>>> /usr/local/lib/python2.7/dist-packages/phply-0.9.1.egg-info/top_level.txt >>>> >>>> >>>> On >>>> 09/25/2014 03:22 PM, Andres Riancho wrote: >>>>> >>>>> List, >>>>> >>>>> Take a look at the w3af plugin I've just finished coding [0], it >>>>> detects shell shock vulnerabilities by using time delays. Pull >>>>> requests with improvements are welcome :) >>>>> >>>>> [0] https://gist.github.com/andresriancho/4ef11d75c1f517c24f94 >>>>> >>>>> Regards, >>>> >>>> >>>> >>>> ________________________________ >>>> >>>> Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer >>>> Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports >>>> Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper >>>> Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer >>>> >>>> http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk >>>> ________________________________ >>>> >>>> W3af-users mailing list >>>> W3a...@li... >>>> https://lists.sourceforge.net/lists/listinfo/w3af-users >>> >>> >>> >> >> -- >> Sent from my Android device with K-9 Mail. Please excuse my brevity. > > > |
