Task #146849 has been updated.
Project: w3af
Subproject: Plugin TODO v1.00
Summary: osCommanding false positive
Complete: 0%
Status: Closed
Authority: andresriancho
Assigned to: andresriancho
Description: OS Commanding was found at: http://www.farmacity.com.ar/ar/locales-head.swf . Using method: GET. The data sent was: sucursales=run+ping+-n+5+localhost. The vulnerability was found in the request with id 10631.
Follow-Ups:
-------------------------------------------------------
Date: 2008-03-05 21:42
By: andresriancho
Comment:
No, accepting false positive.
-------------------------------------------------------
Date: 2008-03-05 21:41
By: andresriancho
Comment:
Solved in revision 801 when I implemented a "benchmarking" functionality for unfuzzed requests.
-------------------------------------------------------
For more info, visit:
http://sourceforge.net/pm/task.php?func=detailtask&project_task_id=146849&group_id=170274&group_project_id=50603