Mailing List Archive

Re: question about nessus cross_site_scripting nasl
Here's a fix for the cvs version of cross_site_scripting.nasl to correct
a dumb mistake on my part. Thanks to Michael for catching it. This meant
it was not actually testing for CSS with .thtml file extensions.

# diff cross_site_scripting.OLD cross_site_scripting.nasl
56c56
< dir[2] = "";
---
> dir[3] = "";
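Review bot: the one-line change is the right fix for the defect visible in the quoted lines (dir[2] assigned twice, so "" overwrote ".thtml"), but the hunk does not show the loop that consumes dir[], so confirm that loop is driven by the "" sentinel or the array length rather than by a hard-coded count; if it were bounded at 3 the restored ".thtml" entry would still never be requested. The three GET lines in Michael's "with patch" log are the right check for that, and a short comment next to the sentinel line ("" terminates the list) would make the next edit to this table less likely to repeat the mistake.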
Or the attached copy of the plugin.
-Chris
Michael Scheidell wrote:
> I was looking at the nessus script:
> cross_site_scripting.nasl
>
> and noticed these lines:
> dir[0] = ".jsp";
> dir[1] = ".shtml";
> dir[2] = ".thtml";
> dir[2] = "";
>
>
> should that not be:
> dir[0] = ".jsp";
> dir[1] = ".shtml";
> dir[2] = ".thtml";
> dir[3] = "";
>
> ^^
>
> (3 and not 2)?
>
> the way it is, I think it only runs jsp and shtml.
> 10.1.1.11 - - [03/Feb/2002:20:22:17 -0500] "GET
> /<SCRIPT>alert('Vulnerable')</SCRIPT>.jsp HTTP/1.0" 404 2988 "-" "-"
> 10.1.1.11 - - [03/Feb/2002:20:22:17 -0500] "GET
> /<SCRIPT>alert('Vulnerable')</SCRIPT>.shtml HTTP/1.0" 404 2988 "-" "-"
>
> with patch:
> 10.1.1.11 - - [03/Feb/2002:20:23:36 -0500] "GET
> /<SCRIPT>alert('Vulnerable')</SCRIPT>.jsp HTTP/1.0" 404 2988 "-" "-"
> 10.1.1.11 - - [03/Feb/2002:20:23:36 -0500] "GET
> /<SCRIPT>alert('Vulnerable')</SCRIPT>.shtml HTTP/1.0" 404 2988 "-" "-"
> 10.1.1.11 - - [03/Feb/2002:20:23:36 -0500] "GET
> /<SCRIPT>alert('Vulnerable')</SCRIPT>.thtml HTTP/1.0" 404 2988 "-" "-"
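As an added illustration (not code from the plugin or from either poster), the Python below models the NASL array mistake discussed in the thread and then does the check Michael did by hand: it parses the web server's access log and lists which extensions the script-tag probe actually reached. It assumes the plugin walks dir[] from index 0 and stops at the first empty string, which the thread implies but does not show; the sample log lines are constructed from the ones quoted above, with one ordinary request added so the filter has something to ignore.

```python
import os
import re
from typing import Dict, List

# --- Part 1: the array-index mistake ------------------------------------
# NASL's dir[] is filled by assigning to explicit indices and terminated
# with an empty string. A dict models that "assign to index" step:
# assigning dir[2] a second time silently overwrites ".thtml".
def build_extension_table(buggy: bool) -> Dict[int, str]:
    table: Dict[int, str] = {}
    table[0] = ".jsp"
    table[1] = ".shtml"
    table[2] = ".thtml"
    if buggy:
        table[2] = ""   # the original line: overwrites ".thtml"
    else:
        table[3] = ""   # the fix from the diff: sentinel in its own slot
    return table


def extensions_probed(table: Dict[int, str]) -> List[str]:
    """Extensions a sentinel-terminated loop would actually request.

    Assumption (not shown in the thread): the plugin walks dir[] from 0
    and stops at the first empty string.
    """
    probed: List[str] = []
    i = 0
    while i in table and table[i] != "":
        probed.append(table[i])
        i += 1
    return probed


# --- Part 2: verifying coverage from the web server's own log ----------
# Common log format: client ident user [timestamp] "request" status size ...
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>\S+)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)
SCRIPT_TAG = re.compile(r'<script\b', re.IGNORECASE)


def script_probe_extensions(log_text: str) -> List[str]:
    """Return the file extension of every request whose path carries a
    <script> tag, in log order, i.e. the extensions a scan exercised."""
    found: List[str] = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue                                  # unrecognised line
        path = m.group("path").split("?", 1)[0]      # drop any query string
        if SCRIPT_TAG.search(path):
            found.append(os.path.splitext(path)[1])   # e.g. ".jsp"
    return found


def coverage_gap(expected: List[str], observed: List[str]) -> List[str]:
    """Extensions the plugin should have requested but the log never saw."""
    return [ext for ext in expected if ext not in observed]


# Sample logs constructed from the lines quoted in the thread, plus one
# ordinary request (constructed) so the filter has something to ignore.
BEFORE_PATCH_LOG = """\
10.1.1.11 - - [03/Feb/2002:20:22:17 -0500] "GET /<SCRIPT>alert('Vulnerable')</SCRIPT>.jsp HTTP/1.0" 404 2988 "-" "-"
10.1.1.11 - - [03/Feb/2002:20:22:17 -0500] "GET /<SCRIPT>alert('Vulnerable')</SCRIPT>.shtml HTTP/1.0" 404 2988 "-" "-"
10.1.1.11 - - [03/Feb/2002:20:22:18 -0500] "GET /index.html HTTP/1.0" 200 1500 "-" "-"
"""

AFTER_PATCH_LOG = """\
10.1.1.11 - - [03/Feb/2002:20:23:36 -0500] "GET /<SCRIPT>alert('Vulnerable')</SCRIPT>.jsp HTTP/1.0" 404 2988 "-" "-"
10.1.1.11 - - [03/Feb/2002:20:23:36 -0500] "GET /<SCRIPT>alert('Vulnerable')</SCRIPT>.shtml HTTP/1.0" 404 2988 "-" "-"
10.1.1.11 - - [03/Feb/2002:20:23:36 -0500] "GET /<SCRIPT>alert('Vulnerable')</SCRIPT>.thtml HTTP/1.0" 404 2988 "-" "-"
"""

if __name__ == "__main__":
    wanted = extensions_probed(build_extension_table(buggy=False))
    for label, log in (("before patch", BEFORE_PATCH_LOG), ("after patch", AFTER_PATCH_LOG)):
        seen = script_probe_extensions(log)
        print(f"{label}: requested {seen}, missing {coverage_gap(wanted, seen)}")
```

Run as a script it reports ".thtml" missing for the pre-patch log and nothing missing afterwards. The same log check is a cheap way to confirm, on the scanned host's side, that a plugin change actually altered what was sent, rather than trusting the plugin source alone.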