Re: BadBlue Directory Traversal

From: Noam Rathaus (noamrat_private)
Date: Tue Mar 26 2002 - 06:53:24 PST

    Hi,
    
    I noticed those too, I cannot figure out a safe way to detect actual reading of
    autoexec.bat, maybe searching for:
    "mode " instead of just "mode". But I am not certain how safe this would be...
    Anyone?
    
    Thanks
    Noam Rathaus
    CTO
    Beyond Security Ltd
    http://www.SecurITeam.com
    http://www.BeyondSecurity.com
    ----- Original Message -----
    From: "Matt Moore" <mattat_private>
    To: <noamrat_private>
    Sent: Sunday, March 31, 2002 15:53
    Subject: BadBlue Directory Traversal
    
    
    > Hello Noam,
    >
    > Hope you're well. I've just finished running a large scan, which is always
    > good for rooting out plugins that false positive...
    >
    > The BadBlue Directory Traversal plugin you wrote appears to be (in a couple
    > of rare cases) returning a false positive. The actual cause of the false
    > positive is rather obscure - I think the string 'mode' is matching 'modern'
    > in a font referencing inline style sheet.
    >
    > regards,
    >
    > Matt
    >
    >
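
The false positive discussed in this thread, as an added example that is not part of the original messages or of the plugin itself: it compares the plugin's `mode` substring check, the proposed `"mode "` check, and a stricter line-anchored check. The response bodies are constructed samples, and the assumption that a real autoexec.bat contains a line beginning with `mode con`, `mode comN` or `mode lptN` is the example's own, not something the thread establishes.

```python
import re

# Constructed sample bodies (not captured from any real server).
AUTOEXEC = (
    "@ECHO OFF\r\n"
    "SET PATH=C:\\WINDOWS;C:\\WINDOWS\\COMMAND\r\n"
    "mode con codepage prepare=((850) C:\\WINDOWS\\COMMAND\\ega.cpi)\r\n"
    "mode con codepage select=850\r\n"
)
# 'modern' inside an inline style sheet: the case Matt reports.
HTML_FONT = ("<html><head><style>p { font-family: modern, serif; }"
             "</style></head><body>Hi</body></html>")
# Ordinary prose that happens to contain "mode " with a trailing space.
HTML_PROSE = "<html><body><p>Restart in safe mode and retry.</p></body></html>"


def naive(body):
    """The check as described in the thread: substring 'mode'."""
    return "mode" in body


def with_space(body):
    """The proposed change: substring 'mode ' (trailing space)."""
    return "mode " in body


# Assumption: a MODE command sits at the start of a line and names a device.
_MODE_LINE = re.compile(r"^[ \t]*@?mode[ \t]+(con|com\d|lpt\d)\b", re.I | re.M)
# A served batch file should not carry HTML markup.
_HTML_TAG = re.compile(r"<\s*(html|head|body|style|script|p|div)\b", re.I)


def strict(body):
    """Line-anchored MODE command, and the body must not look like HTML.

    Trade-off: an autoexec.bat with no MODE line is missed (false negative).
    """
    return bool(_MODE_LINE.search(body)) and not _HTML_TAG.search(body)


def compare(body):
    """Return the verdict of each check for one response body."""
    return {"naive": naive(body), "with_space": with_space(body),
            "strict": strict(body)}


if __name__ == "__main__":
    for name, body in [("autoexec", AUTOEXEC), ("html_font", HTML_FONT),
                       ("html_prose", HTML_PROSE)]:
        print(name, compare(body))
```
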
    


