On Sat Sep 11 2004 at 23:37, Michael Scheidell wrote:

> as an example, ALL of the XSS plugins will false positive if a web
> site does a blanket redirect (301 or 302) since the 'script' it is
> looking for will be in the Location header.

Is cross_site_scripting.nasl supposed to detect it?

> A) FOLLOW THE REDIRECT and 'attack' the site that it's redirecting to
> (BAD FORM! might redirect to www.fbi.gov!)

Definitely not if you are not redirected to the same host. You are auditing host A, not host B where you are redirected.
Testing if B = A implies that we need a "same_host" function that will be able to resolve names and compare IP address sets.

> B) do something similar to 'no404.html' (ie "yes30x.html"? and report it?

cross_site_scripting.nasl is supposed to do something like this already. When it fails, for whatever reason, you get FP on every XSS script. This happened to me last week.

> C) edit the http_keepalive.inc to consider a 301 and 302 as a 404?

I don't like the idea.
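The "same_host" idea and the Location-header false positive discussed in this message, sketched in Python as an added example; it is not Nessus or NASL code and not from the original thread. The function names, the result labels and the choice to treat two names as the same host when their resolved address sets overlap are assumptions; the sample names and addresses are constructed.

```python
import socket
from urllib.parse import urlsplit

def resolve_ips(name):
    """Return the set of addresses a name resolves to (empty on failure)."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except socket.gaierror:
        return set()

def same_host(a, b, resolver=resolve_ips):
    """Assumption: A and B are the same host if their IP sets overlap."""
    if a.lower() == b.lower():
        return True
    return bool(resolver(a) & resolver(b))

def classify_xss_probe(audited_host, status, headers, body, marker,
                       resolver=resolve_ips):
    """Decide what an XSS probe response means for the audited host.

    A 301/302 that merely echoes the probe in its Location header is not
    a reflection in a page body, so it is never reported as XSS. The
    redirect target is only eligible for follow-up testing when it is
    the audited host itself.
    """
    hdrs = {k.lower(): v for k, v in headers.items()}
    if status in (301, 302):
        target = urlsplit(hdrs.get("location", "")).hostname
        # A relative Location (no hostname) stays on the audited host.
        if target is None or same_host(audited_host, target, resolver):
            return "redirect-same-host"
        return "redirect-other-host"  # do not follow, do not report XSS
    return "reflected" if marker in body else "clean"

# Constructed sample data: documentation names and addresses only.
FAKE_DNS = {
    "a.example": {"192.0.2.10", "192.0.2.11"},
    "www.a.example": {"192.0.2.11"},
    "b.example": {"198.51.100.7"},
}

def fake_resolver(name):
    return FAKE_DNS.get(name, set())

MARKER = "<script>alert(1)</script>"
```

Passing the resolver in as a parameter keeps the comparison testable without live DNS.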