Hi Chris,

better use a loop - updated version is attached.
Had no time to test, but it should work (tm) ...

Regards,
Felix Huber

-------------------------------------------------------
Felix Huber, Security Consultant, Webtopia
Guendlinger Str.2, 79241 Ihringen - Germany
huberfelixat_private        (07668) 951 156 (phone)
http://www.webtopia.de      (07668) 951 157 (fax)
                            (01792) 205 724 (mobile)
-------------------------------------------------------

----- Original Message -----
From: "sq" <sqat_private>
To: <plugins-writersat_private>
Sent: Tuesday, November 13, 2001 11:39 PM
Subject: Allaire JRUN Cross Site Scripting Check

> Attached is a quick hack up SecuriTeam's 40x Cross Site Scripting NASL (without their permission, I hope they're okay with that for a NASL-newbie). This one specifically checks for the Allaire JRUN CSS problem (the scripts require a .jsp, .shtml or .thtml extension tacked on to the end of the request).
>
> It is working in my tests, but I'm wondering if there's a better way to handle the three requests (.jsp, .shtml and .thtml) in some sort of loop (or even just adding it easily to the original SecuriTeam NASL)? In my testing I found that one may work and one may not (I assume it depends on the config options of JRUN, but I don't have access to admin the systems), so all three should be tested to be sure.
>
> Also, if someone has a 2.3.x JRUN installation to test against...
>
> Comments/help appreciated.
>
> Thanks
> Chris
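
The loop discussed in this thread, sketched as an added example in Python; it is not the attached NASL plugin or SecuriTeam's script. The marker string, the `/<marker><ext>` request shape, the `fetch` callable and the `fake_server` responses are assumptions constructed for illustration. Every extension is probed and reported separately, since one may reflect the request while another does not.

```python
import html
from typing import Callable, Dict

# Extensions named in the message; any one of them may be handled by JRun,
# so the loop never stops at the first miss.
EXTENSIONS = (".jsp", ".shtml", ".thtml")

# Constructed marker (assumption): a unique token inside a script tag.
MARKER = "<script>probe_7f3a</script>"


def check_extensions(fetch: Callable[[str], str]) -> Dict[str, str]:
    """Probe each extension; fetch(path) returns the response body as text."""
    results: Dict[str, str] = {}
    for ext in EXTENSIONS:
        path = "/" + MARKER + ext  # assumed request shape
        try:
            body = fetch(path)
        except OSError:
            results[ext] = "error"       # connection problem: keep going
            continue
        if MARKER in body:
            results[ext] = "reflected"   # echoed unescaped: report it
        elif html.escape(MARKER) in body:
            results[ext] = "escaped"     # echoed, but HTML-encoded
        else:
            results[ext] = "absent"
    return results


def is_vulnerable(results: Dict[str, str]) -> bool:
    """One unescaped reflection on any extension is enough to flag the host."""
    return any(state == "reflected" for state in results.values())


def fake_server(path: str) -> str:
    """Constructed stand-in for a server with mixed per-extension behaviour."""
    if path.endswith(".jsp"):
        return "<html>404: " + path + " not found</html>"
    if path.endswith(".shtml"):
        return "<html>404: " + html.escape(path) + " not found</html>"
    raise ConnectionResetError("constructed failure for .thtml")


if __name__ == "__main__":
    outcome = check_extensions(fake_server)
    print(outcome, "vulnerable:", is_vulnerable(outcome))
```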
This archive was generated by hypermail 2b30 : Tue Nov 13 2001 - 15:13:46 PST