
[LoWNOISE] Wmap 1.3 (X-mas adjustment version)

From: ET LoWNOISE <et(at)cyberspace.org>
Date: Sat Dec 28 2002 - 20:03:15 EST


[LoWNOISE] Wmap 1.3



http://pwp.007mundo.com/etorres1/

NOTE: v1.3 X-MAS Adjustment version: a big fix of bugs. Tired of the holly whisker?

Wmap is a "simple less stupid web scanner" for *nix. I'm not going to tell you that it is an intelligent scanner, because it isn't.

When you use a CGI scanner, it just searches for the existence of CGIs in common directories. That's the fact. But it should not be that way, because many companies just use their own locations to put their CGIs. So you are just searching in a default web server path, leaving behind a huge space without testing, with bigger holes that you didn't find.

So what happens if target.org just moves or renames the common cgi-bin directory, having in there all the vulnerable CGIs? Wmap searches recursively, grabbing all the info contained in HTML tags like HREF, FORM and FRAME, capturing the new directories, dividing them and including them in the tests. A webmaster doesn't have any limitation on putting his CGIs in any place he wants.

Happy new year

Efrain 'ET' Torres
[LoWNOISE] Colombia

2002 Received on Sun Dec 29 14:19:47 2002
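
The directory harvesting the post describes can be sketched as follows, for checking which directories on your own site a default-path scanner configuration would never visit. This is an added example, not Wmap's code (which this page does not show); the function names, `target.example` and every path in the sample page are assumptions made up for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit
import posixpath

# Tags named in the post and the attribute that carries their URL.
URL_ATTRS = {"a": "href", "form": "action", "frame": "src"}

class LinkCollector(HTMLParser):
    """Collect raw URL attribute values from A, FORM and FRAME tags."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        wanted = URL_ATTRS.get(tag)  # parser lowercases tag and attribute names
        self.links += [v for k, v in attrs if k == wanted and v]

def directories_from_page(base_url, html):
    """Return sorted same-host directory paths referenced by one page."""
    collector = LinkCollector()
    collector.feed(html)
    host = urlsplit(base_url).netloc
    dirs = set()
    for link in collector.links:
        parts = urlsplit(urljoin(base_url, link))
        if parts.scheme not in ("http", "https") or parts.netloc != host:
            continue  # ignore mailto: and off-site links
        path = parts.path or "/"
        if not path.endswith("/"):
            path = posixpath.dirname(path)  # drop the file name
        segments = [s for s in posixpath.normpath(path).split("/") if s]
        # "Dividing" the path: record every ancestor directory as well.
        for depth in range(len(segments) + 1):
            dirs.add("/" + "".join(s + "/" for s in segments[:depth]))
    return sorted(dirs)

# Constructed sample page; target.example and all paths are made up.
SAMPLE_BASE = "http://target.example/site/index.html"
SAMPLE_HTML = """
<a href="/scripts/internal/search.cgi?q=1">Search</a>
<form action="apps/bin/order.pl" method="post"></form>
<frameset><frame src="../menu/left.html"></frameset>
<a href="mailto:webmaster@target.example">Mail</a>
<a href="http://other.example/cgi-bin/x.cgi">Off-site</a>
"""

if __name__ == "__main__":
    for d in directories_from_page(SAMPLE_BASE, SAMPLE_HTML):
        print(d)
```

None of the directories found in the sample page is a stock `/cgi-bin/`, which is the coverage gap the post is pointing at.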

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:47 EDT
