Re: [Plugins-writers] www_expect_xss.nasl FP [PATCH]

From: George A. Theall (theall@private)
Date: Wed Sep 13 2006 - 07:58:04 PDT


On Wed, Sep 13, 2006 at 03:23:42PM +0100, Hubert Seiwert wrote:

> the exploit string used in this plugin cannot detect whether the remote Apache is
> vulnerable to the CVE-2006-3918 Expect header XSS issue.
...
> To do a proper test, the exploit string needs to contain something that will be quoted,
> e.g. angle brackets.

Thanks for the report. I've applied your patch; the revised plugin 
should become available in an hour or two.

George
-- 
theall@private
_______________________________________________
Plugins-writers mailing list
Plugins-writers@private
http://mail.nessus.org/mailman/listinfo/plugins-writers



This archive was generated by hypermail 2.1.3 : Wed Sep 13 2006 - 07:58:35 PDT