This generic ftp traversal test uses anonymous:nessus@<hostname>. I
found an ftp server this morning with a traversal vulnerability, but it
doesn't accept "anonymous". It did, however, accept Administrator:"" and
guest:guest and guest:"". The null passwords were reported by 10166 and
11160. It would be quite useful if this plugin tried the traversal if
ftp access was gained in any way.
Cheryl
_______________________________________________
Plugins-writers mailing list
Plugins-writers@list.nessus.org
http://mail.nessus.org/mailman/listinfo/plugins-writers
found an ftp server this morning with a traversal vulnerability, but it
doesn't accept "anonymous". It did, however, accept Administrator:"" and
guest:guest and guest:"". The null passwords were reported by 10166 and
11160. It would be quite useful if this plugin tried the traversal if
ftp access was gained in any way.
Cheryl
_______________________________________________
Plugins-writers mailing list
Plugins-writers@list.nessus.org
http://mail.nessus.org/mailman/listinfo/plugins-writers