I've seen some talk and some patches about Nessus following HTTP redirect messages, but was anything implemented? I have a case where a web server redirects my request for //etc/passwd to another directory with a 302 moved msg, and then sends the passwd file. The thttpd_bug.nasl looks for //etc/passwd but did not find it due to the redirect.

So should http_get follow redirects (maybe just one to prevent loops), or should it be coded directly into the NASL if there's a 302 or other redirect?

Also attached is a diff for thttpd_bug.nasl, which had two issues... the CVE number isn't right, and the regex for "root:.*:0:[01]:.*" was too restrictive and didn't match this system (the passwd file is slightly different for some reason), so it's now just "root:.*" which I don't think will be a problem for false-positives.

Thanks

Sullo
--
http://www.cirt.net/
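
An added example, not part of the original post and not Nessus or NASL code: a Python model of a check that follows a bounded number of redirects before applying the two patterns quoted in the message. The `fetch` helper, the `RESPONSES` table, the redirect target path and the sample passwd lines are constructed assumptions, and `Location` values are assumed to be same-host paths.

```python
import re

# Constructed responses standing in for a web server (not captured traffic).
# Each path maps to (status, headers, body).
RESPONSES = {
    "//etc/passwd": (302, {"Location": "/files/etc/passwd"}, ""),
    "/files/etc/passwd": (200, {}, "root:x:0:3::/:/sbin/sh\ndaemon:x:1:5::/:\n"),
    "/loop-a": (302, {"Location": "/loop-b"}, ""),
    "/loop-b": (302, {"Location": "/loop-a"}, ""),
}

REDIRECT_CODES = {301, 302, 303, 307}
STRICT = re.compile(r"root:.*:0:[01]:.*")  # original pattern quoted in the post
LOOSE = re.compile(r"root:.*")             # replacement pattern quoted in the post


def fetch(path):
    """Hypothetical stand-in for the scanner's HTTP GET; unknown paths give 404."""
    return RESPONSES.get(path, (404, {}, ""))


def get_following_redirects(path, max_redirects=1):
    """Return (status, body, hops), following at most max_redirects redirects.

    A path is never requested twice, so a redirect loop ends even when
    max_redirects is set high.
    """
    seen = {path}
    hops = 0
    while True:
        status, headers, body = fetch(path)
        target = headers.get("Location")
        if status not in REDIRECT_CODES or not target:
            return status, body, hops
        if hops >= max_redirects or target in seen:
            return status, "", hops  # give up and report the redirect itself
        seen.add(target)
        path, hops = target, hops + 1


def passwd_disclosed(path, pattern, max_redirects=1):
    """True only if the final response is a 200 whose body matches pattern."""
    status, body, _ = get_following_redirects(path, max_redirects)
    return status == 200 and pattern.search(body) is not None


if __name__ == "__main__":
    for name, pat in (("strict", STRICT), ("loose", LOOSE)):
        for limit in (0, 1):
            print(name, "max_redirects =", limit, "->",
                  passwd_disclosed("//etc/passwd", pat, limit))
```

With the constructed data, only the loose pattern combined with one followed redirect reports the file, and the `/loop-a` request stops after a single hop.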
This archive was generated by hypermail 2b30 : Wed Aug 20 2003 - 12:06:12 PDT