Re: [Plugins-writers] Plugin for the latest Mantis vulnerabilities

From: Renaud Deraison (deraison@private)
Date: Tue Sep 27 2005 - 05:21:18 PDT


On Sep 27, 2005, at 7:44, Joxean Koret wrote:

> Hi!
>
>     I wrote a plugin for the latest Mantis Bugtracker
> vulnerabilities. The NASL plugin is attached.

This is redundant with plugin #19473 which has been written by David  
Maciejak.

In addition to this, your plugin is vulnerable to numerous cross site
scripting issues, as it simply looks for text to be echoed back by
the remote server. Whether Mantis is vulnerable or not, and whether
the remote host is running Mantis or not, you'd get false positives
(ie: try it against www.slashdot.org).


                                         -- Renaud
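
The false-positive problem described in the reply above, shown as an added example that is not part of the original thread and is not code from any Nessus plugin: a check that reports whenever the probe text is echoed back, next to one that first identifies the application and then requires the echo to be unescaped. The marker, the fingerprint string ("ExampleTracker") and the three responses are constructed placeholders, not real Mantis banners or captured traffic.

```python
import html
import re

# Constructed probe marker; a real check would randomize it per request.
MARKER = "<xss-probe-7f3a>"

# Placeholder fingerprint (assumption): stands in for whatever banner or page
# element reliably identifies the application the plugin is written for.
FINGERPRINT = re.compile(r"Powered by ExampleTracker", re.I)


def naive_check(body: str) -> bool:
    """Flawed logic: report whenever the probe text comes back in the page."""
    return MARKER in body


def strict_check(body: str, fingerprint: re.Pattern = FINGERPRINT) -> bool:
    """Report only if the application is identified AND the echo is raw."""
    if not fingerprint.search(body):
        return False  # some other software echoed the input: not our finding
    # An HTML-escaped echo (&lt;xss-probe-7f3a&gt;) does not contain the raw marker.
    return MARKER in body


# Constructed responses (not captured from any real host).
RESPONSES = {
    "unrelated site echoing the query":
        f"<html><body><p>No results for {MARKER}</p></body></html>",
    "target app, output escaped":
        f"<html><body><p>{html.escape(MARKER)}</p>"
        "<p>Powered by ExampleTracker</p></body></html>",
    "target app, raw echo":
        f"<html><body><p>{MARKER}</p>"
        "<p>Powered by ExampleTracker</p></body></html>",
}


def run() -> dict:
    """Return {case: (naive_result, strict_result)} for each sample response."""
    return {name: (naive_check(body), strict_check(body))
            for name, body in RESPONSES.items()}


if __name__ == "__main__":
    for name, (naive, strict) in run().items():
        print(f"{name:35s} naive={naive!s:5s} strict={strict}")
```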