Hi, There is no problem :} That is why we post them. Thanks Noam Rathaus http://www.SecurITeam.com http://www.BeyondSecurity.com ----- Original Message ----- From: "sq" <sqat_private> To: <plugins-writersat_private> Sent: Wednesday, November 14, 2001 00:39 Subject: Allaire JRUN Cross Site Scripting Check > Attached is a quick hack up SecuriTeam's 40x Cross Site Scripting NASL (without their permission, I hope they're okay with that for a NASL-newbie). This one specifically checks for the Allaire JRUN CSS problem (the scripts require a .jsp, .shtml or .thtml extension tacked on to the end of the request). > > It is working in my tests, but I'm wondering if there's a better way to handle the three requests (.jsp, .shtml and .thtml) in some sort of loop (or even just adding it easily to the original SecuriTeam NASL)? In my testing I found that one may work and one may not (I assume it depends on the config options of JRUN, but I don't have access to admin the systems), so all three should be tested to be sure. > > Also, if someone has a 2.3.x JRUN installation to test against... > > Comments/help appreciated. > > Thanks > Chris > >
This archive was generated by hypermail 2b30 : Tue Nov 13 2001 - 22:26:19 PST