Hi,

Sorry for the late reply. I would guess that the problem isn't a false positive, but rather a true positive, since the server IS vulnerable to CROSS site, but not to the .NET issue. So adding an IIS check would hamper this test.

I would rather see a check for the .NET signature file (i.e. when this cross site appears the .NET version is shown at the bottom of the file, thus allowing positive detection of .NET files).

Thanks
Noam Rathaus
CTO
Beyond Security Ltd
http://www.SecurITeam.com
http://www.BeyondSecurity.com

----- Original Message -----
From: "Renaud Deraison" <deraisonat_private>
To: <plugins-writersat_private>
Sent: Friday, March 08, 2002 18:09
Subject: Re: asp_net_css.nasl

> On Fri, Mar 08, 2002 at 11:02:12AM -0500, Sullo wrote:
> > I don't have ANY experience with .NET, but does anyone know if there is an additional string present that the output can be checked for
> > (some .NET specific error message)? This might keep the plugin from evaluating true when it's not a .NET server.
>
> We could add a key so that this plugin is only tested against IIS.
>
> -- Renaud
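
The check proposed in the reply above, as an added Python example that is not part of the thread and is not the code of asp_net_css.nasl: it separates "marker reflected on any server" from "marker reflected on a page carrying the .NET version line". The footer pattern, the `classify` function, the probe marker and the sample responses are assumptions constructed for illustration; the thread does not quote the exact signature string.

```python
import html
import re

# Assumption: the .NET version line at the bottom of the page looks like this.
# The thread does not give the exact text, so adjust it to real output.
ASPNET_FOOTER = re.compile(
    r"Microsoft \.NET Framework Version:\s*[\d.]+;\s*ASP\.NET Version:\s*[\d.]+"
)

# Constructed, harmless probe marker (hypothetical value).
MARKER = "<probe-marker-1234>"


def classify(body: str, marker: str = MARKER) -> str:
    """Classify a response body that was requested with `marker` in the URL.

    "not_reflected": marker absent, or present only in HTML-encoded form
    "generic_xss":   marker echoed verbatim, but no .NET version line
    "aspnet_xss":    marker echoed verbatim AND the .NET version line present
    """
    # An encoded echo (&lt;...&gt;) does not contain the raw marker.
    if marker not in body:
        return "not_reflected"
    if ASPNET_FOOTER.search(body):
        return "aspnet_xss"
    return "generic_xss"


# Constructed sample responses, not captured from any real server.
SAMPLES = {
    "aspnet": "<html><body><h1>Server Error</h1><p>Path: /" + MARKER
    + ".aspx</p><hr><b>Version Information:</b> Microsoft .NET Framework "
    "Version:1.0.3705.0; ASP.NET Version:1.0.3705.0</body></html>",
    "other": "<html><body>404: /" + MARKER + " not found</body></html>",
    "encoded": "<html><body>404: /" + html.escape(MARKER)
    + " not found</body></html>",
    "footer_only": "<html><body>Error<hr>Microsoft .NET Framework "
    "Version:1.0.3705.0; ASP.NET Version:1.0.3705.0</body></html>",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(f"{name:12s} -> {classify(body)}")
```

Reporting `generic_xss` separately keeps the true positive on non-.NET servers visible instead of suppressing it, which an IIS-only key would do.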
This archive was generated by hypermail 2b30 : Fri Mar 22 2002 - 02:40:18 PST