The plugin summary is "Attempts to crash the Microsoft IIS server", and
it appears to send a long malformed propfind request:
"<a:prop><a:displayname /><u:",
crap(1025),
" /></a:prop></a:propfind>\r\n\r\n");
The plugin doesn't consult safe_checks() and is not in one of the
destructive test categories (it's ACT_ATTACK).
I would suggest adding a safe_checks() test and/or changing the category
to ACT_DESTRUCTIVE_ATTACK or ACT_DENIAL.
--
Hubert Seiwert
Internet Security Specialist, Westpoint Ltd
Albion Wharf, 19 Albion Street, Manchester M1 5LN, United Kingdom
Web: www.westpoint.ltd.uk
Tel: +44-161-2371028
_______________________________________________
Plugins-writers mailing list
Plugins-writers@list.nessus.org
http://mail.nessus.org/mailman/listinfo/plugins-writers
it appears to send a long malformed propfind request:
"<a:prop><a:displayname /><u:",
crap(1025),
" /></a:prop></a:propfind>\r\n\r\n");
The plugin doesn't consult safe_checks() and is not in one of the
destructive test categories (it's ACT_ATTACK).
I would suggest adding a safe_checks() test and/or changing the category
to ACT_DESTRUCTIVE_ATTACK or ACT_DENIAL.
--
Hubert Seiwert
Internet Security Specialist, Westpoint Ltd
Albion Wharf, 19 Albion Street, Manchester M1 5LN, United Kingdom
Web: www.westpoint.ltd.uk
Tel: +44-161-2371028
_______________________________________________
Plugins-writers mailing list
Plugins-writers@list.nessus.org
http://mail.nessus.org/mailman/listinfo/plugins-writers