Patch for iis_frag_disclosure.nasl

From: Noam Rathaus (noamrat_private)
Date: Wed Mar 26 2003 - 05:30:31 PST

    Hi,
    
    Sometimes the redirected web page is of UNAUTHORIZED type; we need to detect
    that, or a false positive will occur. See below for a patch.
    
    Thanks
    Noam Rathaus
    CTO
    Beyond Security Ltd
    http://www.SecurITeam.com
    http://www.BeyondSecurity.com
    
    Patch for iis_frag_disclosure.nasl:
    6d5
    < # Patch to detect whether the Redirected is UNAUTHORIZED
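Review bot: the `6d5` command and the `<` prefix on this line (and likewise `56d54` and `98,109d95` below) mark the lines as deletions from the first file, so applied as posted the diff removes the UNAUTHORIZED check instead of adding it. It looks like the two files were passed to diff in the wrong order; regenerate it with the old file first and the new file second, so the hunks come out as additions with `>` lines.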
    56d54
    <
    98,109d95
    <
    <     req = http_get(item:BaseURL, port:port);
    <     soc=http_open_socket(port);
    <
    <     send(socket:soc,data:req);
    <     data = http_recv(socket:soc);
    <
    <     if(" 403 Access Forbidden" >< data)exit(0); # if default response is
    Access Forbidden, a false positive will result
    <     if(" 401 Unauthorized" >< data)exit(0);
    <     if("WWW-Authenticate" >< data)exit(0);
    <
    <     http_close_socket(soc);
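Review bot: in the `98,109` block the return value of `http_open_socket(port)` is passed to `send()` without a check, and each of the three `exit(0)` calls runs before `http_close_socket(soc)`, so the socket is never closed on exactly the paths this change introduces. Add `if(!soc)exit(0);` after the open, and close the socket right after `http_recv()`, before the string tests. The tests themselves use `><` against the whole of `data`, so a page body that merely contains "WWW-Authenticate" or " 401 Unauthorized" also silences the plugin, and " 403 Access Forbidden" only matches that exact reason phrase; comparing against the status line alone would be tighter. The trailing comment on the 403 line has also been wrapped by the mailer, leaving a continuation line without a `<` prefix.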
    


