It could also be combined into the more generic cross_site_scripting.nasl, which can also check for a .aspx?aspxerrorpath=null "file extension"? That way the first true eval can end the plugin & only one message is sent.

Let me know what you all think, I can update cross_site_scripting.nasl if you want. A .NET signature should work just as well...(but I don't know the proper match string).

-Sullo

> Hi,
>
> Sorry for the late reply, I would guess that the problem isn't a false positive,
> but rather a true positive, since the server IS vulnerable to CROSS site, but
> not to the .NET issue. So adding an IIS check would hamper this test. I would
> rather see a check for the .NET signature file (i.e. when this cross site
> appears the .NET version is shown at the bottom of the file, thus allowing
> positive detection of .NET files).
>
> Thanks
> Noam Rathaus
> CTO
> Beyond Security Ltd
> http://www.SecurITeam.com
> http://www.BeyondSecurity.com
> ----- Original Message -----
> From: "Renaud Deraison" <deraisonat_private>
> To: <plugins-writersat_private>
> Sent: Friday, March 08, 2002 18:09
> Subject: Re: asp_net_css.nasl
>
>
> > On Fri, Mar 08, 2002 at 11:02:12AM -0500, Sullo wrote:
> > > I don't have ANY experience with .NET, but does anyone know if there is an additional string present that the output can be checked for
> > > (some .NET specific error message)? This might keep the plugin from evaluating true when it's not a .NET server.
> >
> >
> > We could add a key so that this plugin is only tested against IIS.
> >
> >
> > -- Renaud