Re: [Plugins-writers] False negatives in sql_injection.nasl

From: John Lampe (jwlampe@private)
Date: Fri Apr 28 2006 - 06:07:04 PDT


Richard Moore wrote:

> Hi All,
>
> Doing some experiments with the sql_injection.nasl yesterday
> showed that it failed to detect a trivially injectable CGI we
> set up. Looking back through the history of the plugin it
> appears that the problem was introduced in revision 1.25 when
> support for blind injection was added. I've attached a version
> that correctly detects the injection vulnerability (and also
> added a generic signature for Oracle error messages).
>

I'm looking into it.  Thanks.

John