http redirects

From: sulloat_private
Date: Wed Aug 20 2003 - 12:04:55 PDT


    I've seen some talk and some patches about Nessus following HTTP redirect
    messages, but was anything implemented? I have a case where a web server
    redirects my request for //etc/passwd to another directory with a 302 moved msg,
    and then sends the passwd file. The thttpd_bug.nasl looks for //etc/passwd but
    did not find it due to the redirect.
    
    So should http_get follow redirects (maybe just one to prevent loops), or should
    it be coded directly into the NASL if there's a 302 or other redirect? 
    
    Also attached is a diff for thttpd_bug.nasl, which had two issues...the CVE number
    isn't right, and the regex for "root:.*:0:[01]:.*" was too restrictive and
    didn't match this system (the passwd file is slightly different for some
    reason), so it's now just "root:.*" which I don't think will be a problem for
    false-positives.
    
    Thanks
    Sullo
    
    
    -- 
    http://www.cirt.net/
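
The bounded redirect handling asked about above, together with the effect of the two patterns, as an added Python example that is not part of the original post and is not Nessus or NASL code. The names `get_following` and `classify`, the `scan.invalid` host, and the canned responses are constructed for illustration.

```python
import re
from urllib.parse import urljoin, urlsplit

STRICT = re.compile(r"root:.*:0:[01]:.*")  # original pattern quoted in the post
LOOSE = re.compile(r"root:.*")             # relaxed pattern proposed in the post
REDIRECTS = {301, 302, 303, 307}
HOST = "scan.invalid"                      # placeholder host (assumption)

def get_following(fetch, path, max_redirects=1):
    """Fetch path, following at most max_redirects same-host redirects.

    fetch(path) must return (status, headers, body).
    Returns (status, body, paths_requested).
    """
    seen = [path]
    status, headers, body = fetch(path)
    while status in REDIRECTS and len(seen) - 1 < max_redirects:
        location = headers.get("Location")
        if not location:
            break
        target = urlsplit(urljoin("http://" + HOST + path, location))
        if target.netloc != HOST or target.path in seen:
            break  # off-host redirect or loop: report the 3xx unchanged
        seen.append(target.path)
        status, headers, body = fetch(target.path)
    return status, body, seen

def classify(body):
    """Report which of the two patterns match a response body."""
    return {"strict": bool(STRICT.search(body)), "loose": bool(LOOSE.search(body))}

# Constructed responses, not captured from a real server.
SITE = {
    "//etc/passwd": (302, {"Location": "/moved/etc/passwd"}, ""),
    "/moved/etc/passwd": (200, {}, "root:x:0:3::/:/sbin/sh\ndaemon:x:1:5::/:/sbin/sh\n"),
    "/loop": (302, {"Location": "/loop"}, ""),
    "/error": (200, {}, "<p>File not found under document root: /var/www</p>"),
}

def fetch(path):
    return SITE.get(path, (404, {}, ""))

if __name__ == "__main__":
    status, body, hops = get_following(fetch, "//etc/passwd")
    print(status, hops, classify(body))
    print(classify(fetch("/error")[2]))
```

With `max_redirects=0` the check sees only the 302, which is the miss described in the post. The constructed `/error` body shows the kind of page on which `root:.*` matches without a passwd file being present.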
    
    
    



    This archive was generated by hypermail 2b30 : Wed Aug 20 2003 - 12:06:12 PDT