Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. Nessus>
  3. plugins
coldfusion_double_encoded_null_info_disclosure.nasl
dennis.jackson at ndirect
Mar 3, 2008, 11:47 AM
Post #1 of 2 (3492 views)
Permalink
There is an error in the list of files that coldfusion_double_encoded_null_info_disclosure.nasl tries to get (when being paranoid).

The third item in the list

if (isnull(files)) files = make_list("/index.asp", "/Default.asp", "index.aspx", "/Default.aspx");

should have a leading /.

Also, the list could be extended to include /../../../../wwwroot/iisstart.asp


_______________________________________________
Plugins-writers mailing list
Plugins-writers@list.nessus.org
http://mail.nessus.org/mailman/listinfo/plugins-writers
Re: coldfusion_double_encoded_null_info_disclosure.nasl [ In reply to ]
theall at tenablesecurity
Mar 3, 2008, 1:05 PM
Post #2 of 2 (3353 views)
Permalink
On Mar 3, 2008, at 2:47 PM, Dennis Jackson wrote:

> There is an error in the list of files that
> coldfusion_double_encoded_null_info_disclosure.nasl tries to get
> (when being paranoid).
>
> The third item in the list
>
> if (isnull(files)) files = make_list("/index.asp", "/Default.asp",
> "index.aspx", "/Default.aspx");
>
> should have a leading /.

Fixed. Thanks.

> Also, the list could be extended to include /../../../../wwwroot/
> iisstart.asp

Is this sort of request normal or does it exploit a directory
traversal vulnerability?

George
--
theall@tenablesecurity.com



_______________________________________________
Plugins-writers mailing list
Plugins-writers@list.nessus.org
http://mail.nessus.org/mailman/listinfo/plugins-writers

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal