Mailing List Archive

Script false alarms
The following scripts all produce false alarms on sites that repeat the
url back as part of a location header in a 302 redirect.

fcgi_echo.nasl script_id(10838)
phproxy_xss.nasl script_id(16069)
ubbthreads_xss.nasl script_id(15951)

Reworking them to test the regex against the body only and not the
header will solve the problem.

Martin...
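
The false alarm described in the message above, as an added example that is not part of the original thread and is not code from the plugins it names. The marker string, host, paths and both responses are constructed for illustration: a 302 that repeats the requested URL in its Location header trips a check that searches the whole response, while a check limited to the body does not.

```python
import re

# Constructed marker and responses; not taken from the plugins named in the thread.
MARKER = b"<script>foo</script>"
PATTERN = re.compile(re.escape(MARKER))

# 302 that repeats the requested URL in its Location header, with a harmless body.
REDIRECT = (b"HTTP/1.1 302 Found\r\n"
            b"Location: http://www.example.com/login?next=/app.php?q=" + MARKER + b"\r\n"
            b"Content-Type: text/html\r\n\r\n"
            b"<html><body>The document has moved.</body></html>")

# 200 whose body really reflects the marker.
REFLECTED = (b"HTTP/1.1 200 OK\r\n"
             b"Content-Type: text/html\r\n\r\n"
             b"<html><body>You searched for " + MARKER + b"</body></html>")


def split_response(raw):
    """Return (status_code, header_block, body) for a raw HTTP response."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:                      # no blank line: treat everything as headers
        return 0, raw, b""
    status_line, _, headers = head.partition(b"\r\n")
    fields = status_line.split(None, 2)
    status = int(fields[1]) if len(fields) > 1 and fields[1].isdigit() else 0
    return status, headers, body


def match_whole_response(raw):
    """Check that produces the false alarm: headers and body searched together."""
    return PATTERN.search(raw) is not None


def match_body_only(raw):
    """Reworked check: only the body is searched."""
    _, _, body = split_response(raw)
    return PATTERN.search(body) is not None


if __name__ == "__main__":
    for name, raw in (("redirect", REDIRECT), ("reflected", REFLECTED)):
        print(name, split_response(raw)[0],
              "whole:", match_whole_response(raw), "body:", match_body_only(raw))
```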
Re: Script false alarms
On Mon, Feb 21, 2005 at 09:12:08PM -0000, Martin O'Neal wrote:
>
> The following scripts all produce false alarms on sites that repeat the
> url back as part of a location header in a 302 redirect.
>
> fcgi_echo.nasl script_id(10838)
> phproxy_xss.nasl script_id(16069)
> ubbthreads_xss.nasl script_id(15951)

I fixed them last week - which revisions are you talking about exactly ?


-- Renaud
RE: Script false alarms
Versions as per:

fcgi_echo.nasl script_id(10838) v1.11
phproxy_xss.nasl script_id(16069) v1.2
ubbthreads_xss.nasl script_id(15951) v1.3

Additionally the following script only checks for a numeric "1" in a
response, no HTTP status checking etc, so false alarms on just about
anything; standard apache/iis errors etc.

an_httpd_count_cgi.nasl script_id(11555) v1.4

Martin...



-----Original Message-----
From: plugins-writers-bounces@list.nessus.org
[mailto:plugins-writers-bounces@list.nessus.org] On Behalf Of Renaud
Deraison
Sent: 21 February 2005 22:04
To: plugins-writers@list.nessus.org
Subject: Re: [Plugins-writers] Script false alarms

On Mon, Feb 21, 2005 at 09:12:08PM -0000, Martin O'Neal wrote:
>
> The following scripts all produce false alarms on sites that repeat the
> url back as part of a location header in a 302 redirect.
>
> fcgi_echo.nasl script_id(10838)
> phproxy_xss.nasl script_id(16069)
> ubbthreads_xss.nasl script_id(15951)

I fixed them last week - which revisions are you talking about exactly ?


-- Renaud
_______________________________________________
Plugins-writers mailing list
Plugins-writers@list.nessus.org
http://mail.nessus.org/mailman/listinfo/plugins-writers
Re: Script false alarms
On Wed, Feb 23, 2005 at 09:25:40AM -0000, Martin O'Neal wrote:
>
> Versions as per:
>
> fcgi_echo.nasl script_id(10838) v1.11
> phproxy_xss.nasl script_id(16069) v1.2
> ubbthreads_xss.nasl script_id(15951) v1.3

Fixed.

> Additionally the following script only checks for a numeric "1" in a
> response, no HTTP status checking etc, so false alarms on just about
> anything; standard apache/iis errors etc.
>
> an_httpd_count_cgi.nasl script_id(11555) v1.4

It also checks for a 1 in the body for a bogus request, so it should not
produce any false positive.
RE: Script false alarms
>> an_httpd_count_cgi.nasl script_id(11555) v1.4

Looked at this further; it is generating spurious false positives on
dynamic error pages. As long as the first response body has no '1's, and
the second does (such as caused by the seconds value in a date field)
then you get a false positive response.

Martin...




-----Original Message-----
From: plugins-writers-bounces@list.nessus.org
[mailto:plugins-writers-bounces@list.nessus.org] On Behalf Of Renaud
Deraison
Sent: 24 February 2005 03:58
To: plugins-writers@list.nessus.org
Subject: Re: [Plugins-writers] Script false alarms

On Wed, Feb 23, 2005 at 09:25:40AM -0000, Martin O'Neal wrote:
>
> Versions as per:
>
> fcgi_echo.nasl script_id(10838) v1.11
> phproxy_xss.nasl script_id(16069) v1.2
> ubbthreads_xss.nasl script_id(15951) v1.3

Fixed.

> Additionally the following script only checks for a numeric "1" in a
> response, no HTTP status checking etc, so false alarms on just about
> anything; standard apache/iis errors etc.
>
> an_httpd_count_cgi.nasl script_id(11555) v1.4

It also checks for a 1 in the body for a bogus request, so it should not
produce any false positive.