Hello All,

While watching packets zip by for false positive analysis, I don't think the tomcat_directory_listing_and_file_disclosure.nasl plugin works as advertised. This segment:

    req = http_get(item:string("/", raw_string(0), ".jsp"), port:port);

didn't show anything after the "/" for the "item" parameter via tcpdump [1] on my system. Changing raw_string to have anything but "0" seems to work (albeit defeating the purpose of the plugin). I'm assuming http_get() sees the raw 0 as a NULL and stops with the string.

Also, I noticed another interesting phenomenon. The F5 BigIP caching servers would show two different responses, depending on whether "Pragma: no-cache" was set. With it set, the page was returned. With it absent, an HTTP 500 error was sent.

Jon

[1]
15:36:31.228105 IP (tos 0x0, ttl 64, id 42402, offset 0, flags [DF], length: 306) 127.0.0.1.50396 > 127.0.0.1.2345: P [tcp sum ok] 1:255(254) ack 1 win 8192 <nop,nop,timestamp 104429479 104429479>
    0x0000:  0000 0000 0000 0000 0000 0000 0800 4500  ..............E.
    0x0010:  0132 a5a2 4000 4006 9621 7f00 0001 7f00  .2..@.@..!......
    0x0020:  0001 c4dc 0929 baf5 d23a bb30 22c7 8018  .....)...:.0"...
    0x0030:  2000 a512 0000 0101 080a 0639 77a7 0639  ...........9w..9
    0x0040:  77a7 4745 5420 2f20 4854 5450 2f31 2e31  w.GET./.HTTP/1.1
    0x0050:  0d0a 436f 6e6e 6563 7469 6f6e 3a20 436c  ..Connection:.Cl
    0x0060:  6f73 650d 0a48 6f73 743a 2031 3237 2e30  ose..Host:.127.0
    0x0070:  2e30 2e31 0d0a 5072 6167 6d61 3a20 6e6f  .0.1..Pragma:.no
    0x0080:  2d63 6163 6865 0d0a 5573 6572 2d41 6765  -cache..User-Age
    0x0090:  6e74 3a20 4d6f 7a69 6c6c 612f 342e 3735  nt:.Mozilla/4.75
    0x00a0:  205b 656e 5d20 2858 3131 2c20 553b 204e  .[en].(X11,.U;.N
    0x00b0:  6573 7375 7329 0d0a 4163 6365 7074 3a20  essus)..Accept:.
    0x00c0:  696d 6167 652f 6769 662c 2069 6d61 6765  image/gif,.image
    0x00d0:  2f78 2d78 6269 746d 6170 2c20 696d 6167  /x-xbitmap,.imag
    0x00e0:  652f 6a70 6567 2c20 696d 6167 652f 706a  e/jpeg,.image/pj
    0x00f0:  7065 672c 2069 6d61 6765 2f70 6e67 2c20  peg,.image/png,.
    0x0100:  2a2f 2a0d 0a41 6363 6570 742d 4c61 6e67  */*..Accept-Lang
    0x0110:  7561 6765 3a20 656e 0d0a 4163 6365 7074  uage:.en..Accept
    0x0120:  2d43 6861 7273 6574 3a20 6973 6f2d 3838  -Charset:.iso-88
    0x0130:  3539 2d31 2c2a 2c75 7466 2d38 0d0a 0d0a  59-1,*,utf-8....

_______________________________________________
Plugins-writers mailing list
Plugins-writers@private
http://mail.nessus.org/mailman/listinfo/plugins-writers
This archive was generated by hypermail 2.1.3 : Fri Sep 23 2005 - 14:27:42 PDT