Mailing List Archive

asp_net_css.nasl
I just had a positive with asp_net_css.nasl for a web server that is not a .NET server (it's Solaris/Tomcat). The CSS problem was also
successfully found with cross_site_scripting.nasl, which means one problem reported two results.

plugin requests:
/~/<script>alert(document.cookie)</script>.aspx?aspxerrorpath=null

Result is checked for:
<script>alert(document.cookie)</script>

I don't have ANY experience with .NET, but does anyone know if there is an additional string present that the output can be checked for
(some .NET specific error message)? This might keep the plugin from evaluating true when it's not a .NET server.

-Sullo
Re: asp_net_css.nasl
On Fri, Mar 08, 2002 at 11:02:12AM -0500, Sullo wrote:
> I don't have ANY experience with .NET, but does anyone know if there is an additional string present that the output can be checked for
> (some .NET specific error message)? This might keep the plugin from evaluating true when it's not a .NET server.


We could add a key so that this plugin is only tested against IIS.


-- Renaud
Re: asp_net_css.nasl
Hi,

Sorry for the late reply, I would guess that the problem isn't a false positive,
but rather a true positive, since the server IS vulnerable to CROSS site, but
not to the .NET issue. So adding an IIS check would hamper this test. I would
rather see a check for the .NET signature file (i.e. when this cross site
appears the .NET version is shown at the bottom of the file, thus allowing
positive detection of .NET files).

Thanks
Noam Rathaus
CTO
Beyond Security Ltd
http://www.SecurITeam.com
http://www.BeyondSecurity.com
----- Original Message -----
From: "Renaud Deraison" <deraison@cvs.nessus.org>
To: <plugins-writers@list.nessus.org>
Sent: Friday, March 08, 2002 18:09
Subject: Re: asp_net_css.nasl


> On Fri, Mar 08, 2002 at 11:02:12AM -0500, Sullo wrote:
> > I don't have ANY experience with .NET, but does anyone know if there is an additional string present that the output can be checked for
> > (some .NET specific error message)? This might keep the plugin from evaluating true when it's not a .NET server.
>
>
> We could add a key so that this plugin is only tested against IIS.
>
>
> -- Renaud
>
Re: asp_net_css.nasl
It could also be combined into the more generic
cross_site_scripting.nasl, which can also check for a
.aspx?aspxerrorpath=null "file extension"? That way the first true eval
can end the plugin & only one message is sent.

Let me know what you all think, I can update cross_site_scripting.nasl
if you want. A .NET signature should work just as well...(but I don't
know the proper match string).

-Sullo


> Hi,
>
> Sorry for the late reply, I would guess that the problem isn't a false positive,
> but rather a true positive, since the server IS vulnerable to CROSS site, but
> not to the .NET issue. So adding an IIS check would hamper this test. I would
> rather see a check for the .NET signature file (i.e. when this cross site
> appears the .NET version is shown at the bottom of the file, thus allowing
> positive detection of .NET files).
>
> Thanks
> Noam Rathaus
> CTO
> Beyond Security Ltd
> http://www.SecurITeam.com
> http://www.BeyondSecurity.com
> ----- Original Message -----
> From: "Renaud Deraison" <deraison@cvs.nessus.org>
> To: <plugins-writers@list.nessus.org>
> Sent: Friday, March 08, 2002 18:09
> Subject: Re: asp_net_css.nasl
>
>
> > On Fri, Mar 08, 2002 at 11:02:12AM -0500, Sullo wrote:
> > > > I don't have ANY experience with .NET, but does anyone know if there is an additional string present that the output can be checked for
> > > > (some .NET specific error message)? This might keep the plugin from evaluating true when it's not a .NET server.
> >
> >
> > We could add a key so that this plugin is only tested against IIS.
> >
> >
> > -- Renaud
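
The signature check and the single-report idea discussed in this thread, as an added example that is not part of any message above and is not Nessus plugin code: it classifies a response body offline so the .NET finding is raised only when a .NET marker accompanies the reflected string. The footer pattern is an assumption about ASP.NET error pages; the function names and sample bodies are constructed for illustration.

```python
import re

# Match string quoted in the thread: what the plugin looks for in the result.
PAYLOAD = "<script>alert(document.cookie)</script>"

# Assumption (not from the thread): ASP.NET error pages end with a footer like
# "Microsoft .NET Framework Version:1.0.3705.0; ASP.NET Version:1.0.3705.0".
DOTNET_FOOTER = re.compile(
    r"Microsoft \.NET Framework Version:\s*\d+(\.\d+)+;\s*ASP\.NET Version:",
    re.IGNORECASE,
)


def classify(body):
    """Return 'asp_net_css', 'generic_xss' or None for one response body."""
    if PAYLOAD not in body:
        return None  # string absent or HTML-encoded: nothing reflected as-is
    if DOTNET_FOOTER.search(body):
        return "asp_net_css"  # reflected string plus .NET signature
    return "generic_xss"  # reflected, but not the .NET-specific issue


def first_finding(bodies):
    """Stop at the first positive so one flaw produces one report."""
    for body in bodies:
        finding = classify(body)
        if finding is not None:
            return finding
    return None


# Constructed sample bodies (not captured from real servers).
TOMCAT_404 = "<html><body><h1>Not Found</h1>/~/" + PAYLOAD + ".aspx</body></html>"
ASPNET_ERROR = (
    "<html><body><h1>Server Error in '/' Application.</h1>/~/" + PAYLOAD
    + ".aspx<hr><b>Version Information:</b>&nbsp;Microsoft .NET Framework "
    "Version:1.0.3705.0; ASP.NET Version:1.0.3705.0</body></html>"
)
ENCODED = (
    "<html><body>/~/&lt;script&gt;alert(document.cookie)&lt;/script&gt;"
    ".aspx</body></html>"
)

if __name__ == "__main__":
    for name, body in [("tomcat", TOMCAT_404), ("aspnet", ASPNET_ERROR),
                       ("encoded", ENCODED)]:
        print(name, classify(body))
```
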