1.0RC1 - Questionable "finds"/possible infinite loop?

Status: Beta

Brought to you by: sitting-duck

#21 1.0RC1 - Questionable "finds"/possible infinite loop?

Status: open

Owner: sittinglittleduck

Labels: Backend code (9)

Priority: 5

Updated: 2009-12-16

Created: 2009-12-16

Creator: Anonymous

Private: No

I'm seeing a lot of "questionable" findings. When recursive mode is enabled, they can be problematic. For example:
/dir1/ -- legit
/dir1// -- same as /dir1/
/dir1/(cwfyrsrad5l2zzedhfxwqm45)/ -- same as /dir1/
/dir1//(fuzwqe55k3i2bi3axm21yq55)/ -- same as /dir1/

From here, it gets worse. If recursive is on, /dir1// will be tested and eventually it will find /dir1/// which is the same as /dir1/. This is true for all three of those.

I'm not sure this is a code problem, but perhaps more that those 3 tests should be removed from the files? I realize these could be legitimate finds, but those cases are going to be extremely rare compared to the problems it finds, IMO.

Discussion

Simon Bennetts - 2010-11-10

I get the same problem with 1.0RC1 when scanning tomcat servers.
Dirbuster finds directories like:
/admin
//admin
///admin
admin/
admin//
admin///

etc, and seems to go into an infiate loop.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

1.0RC1 - Questionable "finds"/possible infinite loop?

Group

Searches

Help

#21 1.0RC1 - Questionable "finds"/possible infinite loop?

Discussion