w3af Guide de l'Utilisateur - Exploit Database

More documents

Recommendations

Info

| | | | of the eval(). |...Pour activer les plugins xss et sqli, puis vérifier que la commande a été comprisepar le framework, nous exécutons les commandes suivantes:w3af/plugins>>> audit xss, sqliw3af/plugins>>> audit|------------------------------------------------------------|| Plugin name | Status | Conf | Description ||------------------------------------------------------------|...| sqli | Enabled | | Find SQL injection || | | | bugs. |...| xss | Enabled | Yes | Find cross site || | | | scripting || | | | vulnerabilities. || xst | | | Verify Cross Site || | | | Tracing || | | | vulnerabilities. ||------------------------------------------------------------|w3af/plugins>>>Ou, si l'utilisateur est intéressé par savoir exactement ce que fait un plugin, ilpeut aussi utiliser la commande “desc” comme ceci:w3af>>> pluginsw3af/plugins>>> audit desc fileUploadThis plugin will try to expoit insecure file upload forms.One configurable parameter exists:- extensions
The extensions parameter is a comma separated list of extensionsthat this plugin will try to upload. Many web applicationsverify the extension of the file being uploaded, if specialextensions are required, they can be added here.Some web applications check the contents of the files beinguploaded to see if they are really what their extensionis telling. To bypass this check, this plugin uses filetemplates located at "plugins/audit/fileUpload/", this templatesare valid files for each extension that have a section ( thecomment field in a gif file for example ) that can be replacedby scripting code ( PHP, ASP, etc ).After uploading the file, this plugin will try to find it oncommon directories like "upload" and "files" on every knowdirectory. If the file is found, a vulnerability exists.w3af/plugins>>>Maintenant nous savons ce que fait ce plugin, mais voyons ce qu'il a dans leventre:w3af/plugins>>> audit config xssw3af/plugins/audit/config:xss>>> view|------------------------------------------------------------|| Setting | Value | Description ||------------------------------------------------------------|| checkPersistent | True | Search persistent XSS || numberOfChecks | 2 | Set the amount of checks to || | | perform for each fuzzable || | | parameter. Valid numbers: 1 to || | | 10 ||------------------------------------------------------------|w3af/plugin/xss>>> set checkPersistent Falsew3af/plugin/xss>>> backw3af/plugins>>> audit config sqliw3af/plugins/audit/config:sqli>>> view
Page 1 and 2: w3af Guide de l'UtilisateurVersion:
Page 3 and 4: IntroductionCe document est un guid
Page 5: Etapes w3afAvant même de lancer w3
Page 8 and 9: | assert | Check assertion. ||-----
Page 10 and 11: Exécuter w3af avec l'interface uti
Page 12: Configuration de PluginLes plugins
Page 17 and 18: Démarrer un scanAprès avoir confi
Page 19 and 20: ......The URL: http://localhost/bee
Page 21 and 22: Avertissement sur la découverteLa
Page 23 and 24: commande à la main dans la console
Page 25 and 26: w3af/exploit/osCommandingShell-0>>>
Page 27 and 28: time=0.037 ms64 bytes from localhos
Page 29 and 30: - http://localhost/w3af/ | Method:
Page 31 and 32: Execute "exitPlugin" to get out of
Page 33 and 34: l'exploitation.Maintenant que l'on
Page 35 and 36: Please wait some seconds while w3af
Page 37 and 38: w3afAgentComme vu dans un épisode
Page 39 and 40: Please wait some seconds while w3af
Page 41 and 42: Plus d'informationsDavantage d'info

w3af Guide de l'Utilisateur - Exploit Database

Create successful ePaper yourself

Delete template?

Save as template?