Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. Nessus>
  3. plugins
iis_propfind2.nasl (10667) potentially unsafe
hubert at westpoint
Aug 9, 2007, 4:22 AM
Post #1 of 2 (1933 views)
Permalink
The plugin summary is "Attempts to crash the Microsoft IIS server", and
it appears to send a long malformed propfind request:

"<a:prop><a:displayname /><u:",
crap(1025),
" /></a:prop></a:propfind>\r\n\r\n");

The plugin doesn't consult safe_checks() and is not in one of the
destructive test categories (it's ACT_ATTACK).

I would suggest adding a safe_checks() test and/or changing the category
to ACT_DESTRUCTIVE_ATTACK or ACT_DENIAL.

--
Hubert Seiwert

Internet Security Specialist, Westpoint Ltd
Albion Wharf, 19 Albion Street, Manchester M1 5LN, United Kingdom

Web: www.westpoint.ltd.uk
Tel: +44-161-2371028
_______________________________________________
Plugins-writers mailing list
Plugins-writers@list.nessus.org
http://mail.nessus.org/mailman/listinfo/plugins-writers
Re: iis_propfind2.nasl (10667) potentially unsafe [ In reply to ]
deraison at nessus
Aug 13, 2007, 2:21 AM
Post #2 of 2 (1745 views)
Permalink
Hi Hubert,



On Aug 9, 2007, at 1:22 PM, Hubert Seiwert wrote:

> The plugin summary is "Attempts to crash the Microsoft IIS server",
> and
> it appears to send a long malformed propfind request:
>
> "<a:prop><a:displayname /><u:",
> crap(1025),
> " /></a:prop></a:propfind>\r\n\r\n");
>
> The plugin doesn't consult safe_checks() and is not in one of the
> destructive test categories (it's ACT_ATTACK).

Actually this plugin was modified in march 2007 and is non-intrusive
any more. So the summary is wrong, but the category is correct.


I'll get this fixed, thanks.


-- Renaud
_______________________________________________
Plugins-writers mailing list
Plugins-writers@list.nessus.org
http://mail.nessus.org/mailman/listinfo/plugins-writers

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal