asp_net_css.nasl

From: Sullo (sqat_private)
Date: Fri Mar 08 2002 - 08:02:12 PST

Next message: Renaud Deraison: "Re: asp_net_css.nasl"

Previous message: Noam Rathaus: "Same file different filename"
Next in thread: Renaud Deraison: "Re: asp_net_css.nasl"
Reply: Renaud Deraison: "Re: asp_net_css.nasl"
Reply: Sullo: "Re: asp_net_css.nasl"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I just had a positive with asp_net_css.nasl for a web server that is not a .NET server (it's Solaris/Tomcat).  The CSS problem was also 
successfully found with cross_site_scripting.nasl, which means one problem reported two results.

plugin requests:
/~/<script>alert(document.cookie)</script>.aspx?aspxerrorpath=null

Result is checked for:
<script>alert(document.cookie)</script>

I don't have ANYexperience with .NET, but does anyone know if there is an additional string present that the output can be checked for 
(some .NET specific error message)?  This might keep the plugin from evaluating true when it's not a .NET server.

-Sullo

Next message: Renaud Deraison: "Re: asp_net_css.nasl"
Previous message: Noam Rathaus: "Same file different filename"
Next in thread: Renaud Deraison: "Re: asp_net_css.nasl"
Reply: Renaud Deraison: "Re: asp_net_css.nasl"
Reply: Sullo: "Re: asp_net_css.nasl"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Mar 08 2002 - 08:04:04 PST