Hi,
There is a bug that causes this:
len r1:1
k:0
mysql_unpassworded.nasl - Requesting r[10] whereas r's length is 2 !
mysql_unpassworded.nasl - Requesting r[78] whereas r's length is 2 !
mysql_unpassworded.nasl - Requesting r[79] whereas r's length is 2 !
mysql_unpassworded.nasl - Requesting r[80] whereas r's length is 2 !
mysql_unpassworded.nasl - Requesting r[81] whereas r's length is 2 !
After a few of these, there is a "Success" response, even though the remote host
isn't vulnerable to this...
This is because:
for(i=0;i<k;i=i+1)
{
if(!(ord(r1[i])==ord(expect[i])))ok=0;
}
And k is 0.... I would guess.
Thanks
Noam Rathaus
CTO
Beyond Security Ltd
http://www.SecurITeam.com
http://www.BeyondSecurity.com
There is a bug that causes this:
len r1:1
k:0
mysql_unpassworded.nasl - Requesting r[10] whereas r's length is 2 !
mysql_unpassworded.nasl - Requesting r[78] whereas r's length is 2 !
mysql_unpassworded.nasl - Requesting r[79] whereas r's length is 2 !
mysql_unpassworded.nasl - Requesting r[80] whereas r's length is 2 !
mysql_unpassworded.nasl - Requesting r[81] whereas r's length is 2 !
After a few of these, there is a "Success" response, even though the remote host
isn't vulnerable to this...
This is because:
for(i=0;i<k;i=i+1)
{
if(!(ord(r1[i])==ord(expect[i])))ok=0;
}
And k is 0.... I would guess.
Thanks
Noam Rathaus
CTO
Beyond Security Ltd
http://www.SecurITeam.com
http://www.BeyondSecurity.com