AnsweredAssumed Answered

Malicious code not found by WAS

Question asked by Bert Alting on May 14, 2020
Latest reply on May 18, 2020 by pawelpietrzynski

Hi there,

 

I can't seem to find the right settings i think. 

I installed a private-webserver with malicious code (php-reverse-shell.php / shell.php (webshell) and a shell.jsp).

They are located in root and other various folders.

 

When i perform a WAS scan (even with MD enabled), Qualys does not find those malicous files.

Am i missing something here? Every option is enabled and when i examine apache.log, I can see qualys is seeing 1 of those files but doesnt do anything with it.

 

Any ideas?

 

Greetings

Outcomes