
Thread: W3AF scanning..


  1. #1
    Member
    Join Date
    Feb 2010
    Posts
    50

    Default W3AF scanning..

    I was using w3af to scan a vulnerable website, not because I want to hack it or anything, but just to test how w3af works. OK, straight to the point: when I try this tool, I always get this message: The URL: http://www.site.com/index.php is vulnerable to cross site request forgery. It allows the attacker to exchange the method from POST to GET when sending data to the server.
    I wish someone could explain what it means.

    Thanks

  2. #2
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Default Re: W3AF scanning..

    I actually think that's a very clear explanation, and I couldn't make it any clearer myself without giving a full explanation of CSRF attacks and showing examples of HTTP POST and GET requests - which I'm not going to do because this is research you can and should be doing on your own.

    Do some reading on how the HTTP protocol works and on Cross Site Request Forgery (as well as other web based attacks), because it's completely useless to be doing any web vulnerability scanning without this knowledge.
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.
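The finding quoted in the first post describes a server-side pattern, not a bug in w3af: index.php reads its parameters from a merged GET+POST bag (PHP's $_REQUEST behaves this way), so a state-changing form that is meant to be submitted by POST can be triggered with a plain GET, which any page on the internet can make a victim's browser send via an <img> tag or a link. The block below is an added example written for this thread; it is not w3af's code and not the scanned site's code. It models the scanner's check in plain Python: submit the form parameters by POST, replay the same parameters by GET, and flag the URL when the application treats both alike. The handler functions, the "email" parameter, the cookie-based token and the site URL are all assumptions for illustration.

```python
"""
Model of the "POST to GET" CSRF check, written for this thread (not w3af's
own code).  Two in-process handlers stand in for index.php: one that merges
query and body parameters the way PHP's $_REQUEST does (the pattern the
finding describes) and one that only honours POST and requires a per-session
anti-CSRF token.  The checker replays a POST as a GET with the same
parameters and reports when the application responds identically.
"""
import secrets
from dataclasses import dataclass, field
from urllib.parse import parse_qs, urlencode, urlsplit


@dataclass
class Request:
    method: str
    url: str
    body: dict = field(default_factory=dict)
    cookies: dict = field(default_factory=dict)

    @property
    def query(self) -> dict:
        """Parameters taken from the URL's query string (what a GET carries)."""
        return {k: v[0] for k, v in parse_qs(urlsplit(self.url).query).items()}


@dataclass
class Response:
    status: int
    body: str


# Assumed: one logged-in session whose anti-CSRF token lives in a cookie.
SESSION_TOKEN = secrets.token_hex(16)


def vulnerable_handler(req: Request) -> Response:
    """Merges query and body like $_REQUEST, so GET and POST are interchangeable."""
    params = {**req.query, **req.body}
    if "email" in params:
        return Response(200, f"email updated to {params['email']}")
    return Response(200, "profile form")


def hardened_handler(req: Request) -> Response:
    """State changes only over POST, and only with a token matching the session cookie."""
    if req.method != "POST":
        return Response(405, "method not allowed")
    if req.body.get("csrf_token") != req.cookies.get("csrf_token"):
        return Response(403, "missing or invalid CSRF token")
    return Response(200, f"email updated to {req.body.get('email', '')}")


def post_to_get_check(handler, url: str, params: dict, cookies: dict = None) -> bool:
    """
    The scanner's heuristic: send the parameters by POST, then by GET.
    Returns True when the POST succeeded and the GET produced the same
    status and body, i.e. the server let the method be swapped.
    """
    cookies = cookies or {}
    post_resp = handler(Request("POST", url, dict(params), cookies))
    get_resp = handler(Request("GET", f"{url}?{urlencode(params)}", {}, cookies))
    return post_resp.status == 200 and (post_resp.status, post_resp.body) == (
        get_resp.status,
        get_resp.body,
    )


def csrf_image_tag(url: str, params: dict) -> str:
    """What an attacker plants on their own page: the victim's browser fetches it with a GET."""
    return f'<img src="{url}?{urlencode(params)}" width="1" height="1">'


if __name__ == "__main__":
    target = "http://www.site.com/index.php"        # assumed target, from the post
    evil = {"email": "attacker@evil.example"}        # constructed sample form data
    print("vulnerable:", post_to_get_check(vulnerable_handler, target, evil))
    print("hardened:  ", post_to_get_check(hardened_handler, target, evil))
    print(csrf_image_tag(target, evil))
```

Two points worth keeping in mind when reading such a finding. The vulnerable case is flagged because the replayed GET returns exactly what the POST did; a real scanner works over live HTTP and has to tolerate dynamic page content, so treat the result as a prompt to confirm by hand. And rejecting GET is not the fix on its own: a hidden auto-submitting form can still POST cross-site, so the hardened handler above also requires a token that an attacker's page cannot read, which is what actually stops the forgery.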

  3. #3
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

  4. #4
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Default Re: W3AF scanning..

    Spoonfeeder
