search

luigiurbano / Reinforced-Wavsep

A reinforced version of the Wavsep evaluation platform.
GNU General Public License v3.0
17 stars 8 forks source link

Issue with test #2

Closed vbisbest closed 4 months ago

vbisbest commented 1 year ago

Hi, are you fixing issues with tests? If so, this example does not work properly:

http://localhost:18080/wavsep/active/Unvalidated-Redirect/Redirect-FalsePositives-GET/Case06-Redirect-FalsePositive-RFI-TextHtmlValidResponse-FilenameContext-Unrestricted-OSPath-DefaultFullInput-NoPathReq-Read.jsp

  1. Method should be GET, yet the form is a POST
  2. I suspect this should be a FP? However the attack really works and includes a file from a remote host.

Thoughts?

giper45 commented 1 year ago

Hi, I have actually changed the method in GET. Now we should check why it is not a false positive. @0xUrbz could you check it?