Here are NASLs for the zml.cgi and the PHP Rocket Add-in directory traversals.
Is there a KB item for the name of the cgi-bin directory?
Also, for directory traversals is there a standard file to check for on Unix boxes? (In these two nasls I just use /etc/passwd and grep for root: and :0:0: to verify that it's actually /etc/passwd)
--
^Drew
http://guh.nu
--Begin PGP Fingerprint--
3C6C F712 0A52 BD33 C518 5798 9014 CA99 2DA0 5E78
--End PGP Fingerprint--
Is there a KB item for the name of the cgi-bin directory?
Also, for directory traversals is there a standard file to check for on Unix boxes? (In these two nasls I just use /etc/passwd and grep for root: and :0:0: to verify that it's actually /etc/passwd)
--
^Drew
http://guh.nu
--Begin PGP Fingerprint--
3C6C F712 0A52 BD33 C518 5798 9014 CA99 2DA0 5E78
--End PGP Fingerprint--