Mailing List Archive

FireFox3 annoyances
I was just trying to verify a vulnerability identified by nessus that
involved a web server and pasting the reported URL into FireFox3 gave no
result. I noticed that it also collapsed the URL (the vulnerability involves
directory back references). Using IE verified the result. Just thought I
would mention the need to be careful as to the tool used to verify...

Tim Doty
Systems Security Analyst
Missouri S&T
Re: FireFox3 annoyances
I've used wget and links on occasion. Even telnetted to the port once. Some
of those are very hard to verify, to be honest.

On Wed, Sep 10, 2008 at 3:00 PM, Doty, Timothy T. <tdoty@mst.edu> wrote:

> I was just trying to verify a vulnerability identified by nessus that
> involved a web server and pasting the reported URL into FireFox3 gave no
> result. I noticed that it also collapsed the URL (the vulnerability involves
> directory back references). Using IE verified the result. Just thought I
> would mention the need to be careful as to the tool used to verify...
>
> Tim Doty
> Systems Security Analyst
> Missouri S&T
>
> _______________________________________________
> Nessus mailing list
> Nessus@list.nessus.org
> http://mail.nessus.org/mailman/listinfo/nessus
>



--
Doug Nordwall
Unix, Network, and Security Administrator
You mean the vision is subject to low subscription rates?!!? - Scott Stone,
on MMORPGs
Re: FireFox3 annoyances
On Wed, 10 Sep 2008 17:00:03 -0500
"Doty, Timothy T." <tdoty@mst.edu> wrote:

> I was just trying to verify a vulnerability identified by nessus that
> involved a web server and pasting the reported URL into FireFox3 gave
> no result. I noticed that it also collapsed the URL (the
> vulnerability involves directory back references). Using IE verified
> the result.

Firefox 2 on Linux collapses ../../.. too.
This is common. IE collapses some forms of directory traversal too.
You may try different browsers; GET from libwww-perl is probably
more reliable. See http://search.cpan.org/~gaas/libwww-perl-5.814/

In some cases, Nessus' build_url() function must add a / at
the beginning of the query string to get a syntactically correct URL.
E.g. if the flaw appears when the web server receives "..\..\boot.ini",
Nessus will report "http://host/..\..\boot.ini".
If you click on that, your browser (or GET from libwww-perl) will send
"/..\..\boot.ini" which might not work as expected. To reproduce the
flaw, you'll have to run
    echo -ne 'GET ..\\..\\boot.ini HTTP/1.1\r\nHost: host\r\n\r\n' |
    netcat ip 80
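
Added example (not part of the original thread): a Python sketch of the client-side path normalization discussed above, showing the request target a URL-based client would send for a scanner-reported URL. The function names and the backslash_is_slash switch are assumptions of this example; the default models the WHATWG URL Standard's handling of http paths, and False models a client that leaves backslashes alone.

```python
from urllib.parse import urlsplit

# Segment spellings treated as "." and ".." (compared case-insensitively),
# as in the WHATWG URL Standard.
DOT = {".", "%2e"}
DOTDOT = {"..", ".%2e", "%2e.", "%2e%2e"}

def collapse(path):
    """Drop '.' segments and resolve '..' segments of an absolute path."""
    out = [""]                      # leading "" keeps the initial "/"
    segments = path.split("/")[1:]
    for i, seg in enumerate(segments):
        last = i == len(segments) - 1
        if seg.lower() in DOTDOT:
            if len(out) > 1:        # never climb above the root
                out.pop()
            if last:
                out.append("")      # "/a/.." becomes "/"
        elif seg.lower() in DOT:
            if last:
                out.append("")
        else:
            out.append(seg)
    return "/".join(out)

def client_request_target(url, backslash_is_slash=True):
    """Request target a URL-based client would put on the request line."""
    parts = urlsplit(url)
    path = parts.path or "/"
    if backslash_is_slash:          # assumption: WHATWG-style http parsing
        path = path.replace("\\", "/")
    target = collapse(path)
    return target + ("?" + parts.query if parts.query else "")

def altered_by_client(url, **kw):
    """True if the client would not send the path exactly as reported."""
    parts = urlsplit(url)
    reported = parts.path + ("?" + parts.query if parts.query else "")
    return client_request_target(url, **kw) != reported

if __name__ == "__main__":
    # Constructed sample URLs; "host" is a placeholder as in the thread.
    for u in (r"http://host/..\..\boot.ini", "http://host/a/../../b.txt",
              "http://host/a/%2E%2e/b.txt", "http://host/index.html"):
        print(u, "->", client_request_target(u),
              "(altered)" if altered_by_client(u) else "(as reported)")
```

Even when a URL comes back "as reported", the target always starts with "/", so a request line whose target has no leading slash cannot be produced from a URL at all and needs a raw client.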