This plugin reported a web server I scanned as being vulnerable to SQL
injection. The actual output is
+++++
The remote web server is vulnerable to SQL injection
Nessus ID : 33929 <http://cgi.nessus.org/nessus_id.php3?id=33929>
+++++
Nessus doesn't give, and I can't find, any details as to how it came to
this conclusion. The web server is running a default instance of IIS
6.0 and only displays the default IIS home page. There is no web
application running on this server.
This same plugin also reports the following as a separate record
+++++
Synopsis :
Nessus has determined that this server is NOT COMPLIANT with the
PCI DSS requirements.
Description :
The remote web server is vulnerable to some cross-site scripting
attacks (XSS), or implements old SSL2.0 cryptography, or runs obsolete
software, or is vulnerable to dangerous flaws (CVSS base score >= 4).
See also :
http://www.pcisecuritystandards.org/
http://en.wikipedia.org/wiki/PCI_DSS
Plugin output :
+ A web server is vulnerable to SQL injection
+ A medium risk flaw was found. See:
http://www.nessus.org/plugins/index.php?view=single&id=10759
Nessus ID : 33929 <http://cgi.nessus.org/nessus_id.php3?id=33929>
+++++
Still no real details. Can you tell me how Nessus determined this host
is vulnerable to SQL injection?
thanks