asp_net_css.nasl

From: Sullo (sqat_private)
Date: Fri Mar 08 2002 - 08:02:12 PST

  • Next message: Renaud Deraison: "Re: asp_net_css.nasl"

    I just had a positive with asp_net_css.nasl for a web server that is not a .NET server (it's Solaris/Tomcat).  The CSS problem was also 
    successfully found with cross_site_scripting.nasl, which means one problem reported two results.
    
    plugin requests:
    /~/<script>alert(document.cookie)</script>.aspx?aspxerrorpath=null
    
    Result is checked for:
    <script>alert(document.cookie)</script>
    
    I don't have ANYexperience with .NET, but does anyone know if there is an additional string present that the output can be checked for 
    (some .NET specific error message)?  This might keep the plugin from evaluating true when it's not a .NET server.
    
    -Sullo
    



    This archive was generated by hypermail 2b30 : Fri Mar 08 2002 - 08:04:04 PST