On Mon, 5 Apr 2004, Renaud Deraison wrote:
> > foreach d (make_list("/upb", "/board", cgi_dirs()))
>
> Are "/upb" and "/board" really needed ? webmirror.nasl and
> DDI_Directory_Scanner.nasl should find the relevant CGI directories
> by themselves (and saving us two requests at the same time).
I don't think they're needed if webmirror and DDI_Directory_Scanner are
thorough. I was just taking a cue from upb_code_injection.
> > {
> > display(d);
> > req = http_get(item:string(d, "/db/users.dat"), port:port);
> > res = http_keepalive_send_recv(port:port, data:req);
> > if (res == NULL)
> > exit(0);
> > if (egrep(pattern:"^Admin<~>", string:res))
>
> Is the .dat file binary or pure text ? If it's binary, you definitely
> want to use if ( "Admin<~>" >< res ) instead, as egrep() and regular
> expressions have a hard time coping with binary data.
It's pure text.
Best regards,
Erik Stephens www.edgeos.com
Managed Vulnerability Assessment Services
_______________________________________________
Plugins-writers mailing list
Plugins-writers@private
http://mail.nessus.org/mailman/listinfo/plugins-writers
This archive was generated by hypermail 2b30 : Mon Apr 05 2004 - 08:25:25 PDT