Re: [Plugins-writers] to dumb to write the nasl..

• Previous message: Tobias Glemser: "[Plugins-writers] to dumb to write the nasl.."
• In reply to: Tobias Glemser: "[Plugins-writers] to dumb to write the nasl.."
• Next in thread: Dennis Jackson: "Re: [Plugins-writers] to dumb to write the nasl.."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

On Fri, Jul 15, 2005 at 09:59:08AM +0200, Tobias Glemser wrote:

> .. I tried to write a nasl for a bug in phpauction I found early this
> year (http://www.securityfocus.com/bid/12069), but the nasl doesn't work
> completely.
> 
> I sniffed the connection while executing the script and the script
> successfully uses the bypass possibility, moves to every given
> directory, but sadly the script doesn't recognize, that it successfully
> logged in.
> 
> Maybe some of you guys would be so kind to have a look at it? Thanks in
> advance.

>From strictly a NASL point of view, it looks ok to me. You may want to
add a statement to print results returned by the script; eg,

  display("res='", res, "'.\n");

after http_keepalive() statements. If you're running through Nessus,
output will appear in nesssud.dump.

Oh, are you sure the target(s) you're testing are indeed vulnerable to this?


George
-- 
theall@private
_______________________________________________
Plugins-writers mailing list
Plugins-writers@private
http://mail.nessus.org/mailman/listinfo/plugins-writers

• Previous message: Tobias Glemser: "[Plugins-writers] to dumb to write the nasl.."
• In reply to: Tobias Glemser: "[Plugins-writers] to dumb to write the nasl.."
• Next in thread: Dennis Jackson: "Re: [Plugins-writers] to dumb to write the nasl.."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.3 : Fri Jul 15 2005 - 05:55:08 PDT