Re: [Plugins-writers] prado_viewstate.nasl - test for PRADO viewstate vulnerability

From: Michel Arboi (mikhail@private)
Date: Sat May 07 2005 - 05:34:04 PDT


On Fri May 06 2005 at 19:00, Hubert Seiwert wrote:

> Any comments are welcome...

I did not look at the attack part in detail. Here are comments on the
"style":

>  desc["english"] = "Script to detect PRADO 2.0.0 and below VIEWSTATE vulnerability";

The description can span several lines. Usually, it includes "Risk" and
"Solution" lines.

>  summary["english"] =
> "Tests for improper handling of the VIEWSTATE form
> variable (no HMAC verification) in PRADO 2.0.0 and
> below, which may be exploitable for arbitrary code
> execution";

On the contrary, summary must be on one single line. You have to
switch desc & summary, I guess, and add some comments to desc.

>  script_category(ACT_MIXED_ATTACK);

You don't call the safe_check function, this cannot be "MIXED".
It looks like an ACT_ATTACK, unless there is a risk of killing the
remote service (ACT_DESTRUCTIVE_ATTACK in this case).

>  script_require_ports("Services/www", 80);

You also need script_dependencies("httpver.nasl")

> debug_level = 1;

Better:
include('global_settings.inc');

> if (debug_level)display("Found page possibly generated by PRADO\n");

You can use debug_print() instead
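
The review points above, expressed as a small lint pass over NASL source text. This is an added example, not part of the original message or of Nessus. The `lint` function and its finding names are hypothetical, `safe_checks()` is assumed to be the built-in the reviewer refers to, and the sample input is reassembled from the lines quoted in the thread.

```python
import re

# Constructed input: the plugin lines quoted in the review, reassembled.
SAMPLE = r'''
 desc["english"] = "Script to detect PRADO 2.0.0 and below VIEWSTATE vulnerability";
 summary["english"] =
"Tests for improper handling of the VIEWSTATE form
variable (no HMAC verification) in PRADO 2.0.0 and
below, which may be exploitable for arbitrary code
execution";
 script_category(ACT_MIXED_ATTACK);
 script_require_ports("Services/www", 80);
debug_level = 1;
if (debug_level)display("Found page possibly generated by PRADO\n");
'''

def lint(src):
    """Return the review findings that apply to the NASL source text `src`."""
    findings = []
    # The description may span lines and usually carries Risk and Solution lines.
    m = re.search(r'desc\s*\[[^\]]*\]\s*=\s*"([^"]*)"', src)
    if m and not ("Risk" in m.group(1) and "Solution" in m.group(1)):
        findings.append("desc-missing-risk-solution")
    # The summary must fit on one single line.
    m = re.search(r'summary\s*\[[^\]]*\]\s*=\s*"([^"]*)"', src)
    if m and "\n" in m.group(1):
        findings.append("summary-multiline")
    # ACT_MIXED_ATTACK only applies when the script branches on safe_checks().
    if "ACT_MIXED_ATTACK" in src and not re.search(r'\bsafe_checks\s*\(', src):
        findings.append("mixed-without-safe-checks")
    # A plugin that requires Services/www should also depend on httpver.nasl.
    if (re.search(r'script_require_ports\s*\(\s*"Services/www"', src)
            and "httpver.nasl" not in src):
        findings.append("missing-httpver-dependency")
    # A local debug flag should give way to global_settings.inc and debug_print().
    if (re.search(r'^\s*debug_level\s*=', src, re.M)
            and "global_settings.inc" not in src):
        findings.append("local-debug-level")
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```

The checks are regex-level only: they do not parse NASL, so a pattern that appears inside a `#` comment is still counted.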