>> an_httpd_count_cgi.nasl script_id(11555) v1.4 Looked at this further; it is generating spurious false positives on dynamic error pages. As long as the first response body has no '1's, and the second does (such as caused by the seconds value in a date field) then you get a false positive response. Martin... -----Original Message----- From: plugins-writers-bounces@private [mailto:plugins-writers-bounces@private] On Behalf Of Renaud Deraison Sent: 24 February 2005 03:58 To: plugins-writers@private Subject: Re: [Plugins-writers] Script false alarms On Wed, Feb 23, 2005 at 09:25:40AM -0000, Martin O'Neal wrote: > > Versions as per: > > fcgi_echo.nasl script_id(10838) v1.11 > phproxy_xss.nasl script_id(16069) v1.2 > ubbthreads_xss.nasl script_id(15951) v1.3 Fixed. > Additionally the following script only checks for a numeric "1" in a > response, no HTTP status checking etc, so false alarms on just about > anything; standard apache/iis errors etc. > > an_httpd_count_cgi.nasl script_id(11555) v1.4 It also checks for a 1 in the body for a bogus request, so it should not produce any false positive. _______________________________________________ Plugins-writers mailing list Plugins-writers@private http://mail.nessus.org/mailman/listinfo/plugins-writers _______________________________________________ Plugins-writers mailing list Plugins-writers@private http://mail.nessus.org/mailman/listinfo/plugins-writers
This archive was generated by hypermail 2.1.3 : Sat Mar 12 2005 - 07:12:19 PST