W3AF scanning..
i was using w3af for scanning the vulnerable website, not because i wonder to hack or what, but just for testing how the w3af run for. ok just to the point, when i try this tool, i always got this message : The URL: http://www.site.com/index.php is vulnerable to cross site request forgery. It allows the attacker to exchange the method from POST to GET when sending data to the server.
wish anyone can explain what did it means?
tks
Re: W3AF scanning..
I actually think thats a very clear explanation, and I couldnt make it any clearer myself without giving a full explanation of CSRF attacks and showing examples of HTTP POST and GET requests - which Im not going to do becase this is research you can and should be doing on your own.
Do some reading on how the HTTP protocol works and on Cross Site Request Forgery (as well as other web based attacks), because its completely useless to be doing any web vulnerability scanning without this knowledge.
Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".
The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.
Re: W3AF scanning..
I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.
I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.
Re: W3AF scanning..
SpoonfeederOriginally Posted by thorin
Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".
The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.
Posting Permissions
