Mailing List Archive

Plugin for the latest Mantis vulnerabilities
Hi!

I wrote a plugin for the latest Mantis Bugtracker vulnerabilities. The NASL plugin is attached.

Regards,
Joxean Koret
Re: Plugin for the latest Mantis vulnerabilities
On Sep 27, 2005, at 7:44, Joxean Koret wrote:

> Hi!
>
> I wrote a plugin for the latest Mantis Bugtracker
> vulnerabilities. The NASL plugin is attached.

This is redundant with plugin #19473 which has been written by David
Maciejak.

In addition to this, your plugin is vulnerable to numerous cross-site
scripting issues, as it simply looks for text to be echoed back by
the remote server. Whether Mantis is vulnerable or not, and whether
the remote host is running Mantis or not, you'd get false positives
(i.e., try it against www.slashdot.org).


-- Renaud
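
The false-positive problem raised in the reply above, as an added example that is not part of the thread and is not the code of either plugin: a check that only looks for echoed text is compared with one that first confirms the application and then requires the probe to come back unescaped. The marker, the fingerprint pattern, the `Response` type and the sample responses are all constructed assumptions.

```python
import html
import re
from dataclasses import dataclass

# Constructed, harmless probe; TOKEN is the text a naive check greps for.
TOKEN = "fp_probe_7f3a"
MARKER = f"<script>{TOKEN}</script>"

# Hypothetical fingerprint (assumption): a real check must use a pattern
# taken from the actual pages of the product being tested.
APP_FINGERPRINT = re.compile(r"<title>[^<]*Mantis[^<]*</title>", re.I)


@dataclass
class Response:
    status: int
    content_type: str
    body: str


def naive_check(resp: Response) -> bool:
    """Reports a finding whenever the probe text is echoed back at all."""
    return TOKEN in resp.body


def strict_check(resp: Response) -> bool:
    """Reports only when the fingerprinted app reflects the marker as live HTML."""
    if resp.status != 200:
        return False  # error pages routinely echo the requested URL
    if not resp.content_type.lower().startswith("text/html"):
        return False  # the response is not rendered as HTML
    if not APP_FINGERPRINT.search(resp.body):
        return False  # host is not running the application under test
    return MARKER in resp.body  # an HTML-escaped echo (&lt;script&gt;) does not match


# Constructed sample responses, one per failure mode.
SAMPLES = {
    "other_site_404": Response(404, "text/html", f"<title>Not found</title>No page {MARKER}"),
    "other_site_search": Response(200, "text/html", f"<title>News</title>Results for {MARKER}"),
    "app_escaped": Response(200, "text/html; charset=utf-8",
                            "<title>Mantis</title>" + html.escape(MARKER)),
    "app_reflected": Response(200, "text/html", f"<title>Mantis</title><td>{MARKER}</td>"),
}


def evaluate() -> dict:
    """Maps each sample name to (naive verdict, strict verdict)."""
    return {name: (naive_check(r), strict_check(r)) for name, r in SAMPLES.items()}
```

The naive check reports all four samples, while the strict check reports only `app_reflected`.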