Mailing List Archive

plugin 33929
This plugin reported a web server I scanned as being vulnerable to SQL
injection. The actual output is



+++++

The remote web server is vulnerable to SQL injection

Nessus ID : 33929 <http://cgi.nessus.org/nessus_id.php3?id=33929>

+++++



Nessus doesn't give, and I can't find, any details as to how it came to
this conclusion. The web server is running a default instance of IIS
6.0 and only displays the default IIS home page. There is no web
application running on this server.



This same plugin also reports the following as a separate record



+++++

Synopsis :

Nessus has determined that this server is NOT COMPLIANT with the
PCI DSS requirements.

Description :

The remote web server is vulnerable to some cross-site scripting
attacks (XSS), or implements old SSL2.0 cryptography, or runs obsolete
software, or is vulnerable to dangerous flaws (CVSS base score >= 4).

See also :

http://www.pcisecuritystandards.org/
http://en.wikipedia.org/wiki/PCI_DSS


Plugin output :
+ A web server is vulnerable to SQL injection
+ A medium risk flaw was found. See:
http://www.nessus.org/plugins/index.php?view=single&id=10759

Nessus ID : 33929 <http://cgi.nessus.org/nessus_id.php3?id=33929>

+++++



Still no real details. Can you tell me how nessus determined this host
is vulnerable to SQL injection?



thanks
Re: plugin 33929
On Wednesday 05 November 2008 16:44:04 Scott Pate wrote:
> Nessus doesn't give, and I can't find, any details as to how it came to
> this conclusion.

Did you select "silent dependencies"? If so, try without it.
If not, could you send me the KB please?

Note that you should enable all plugins for a PCI DSS scan.


_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
RE: plugin 33929
I ran the test with silent dependencies disabled and there was no change
in the results.

thanks

-----Original Message-----
From: Michel Arboi [mailto:mikhail@nessus.org]
Sent: Wednesday, November 05, 2008 10:12 AM
To: nessus@list.nessus.org
Cc: Scott Pate
Subject: Re: plugin 33929

On Wednesday 05 November 2008 16:44:04 Scott Pate wrote:
> Nessus doesn't give, and I can't find, any details as to how it came to
> this conclusion.

Did you select "silent dependencies"? If so, try without it.
If not, could you send me the KB please?

Note that you should enable all plugins for a PCI DSS scan.


Re: plugin 33929
On Thursday 06 November 2008 15:01:47 Scott Pate wrote:
> I ran the test with silent dependencies disabled and there was no change
> in the results.

Could you send me the report and the KB, please?
Re: plugin 33929
On Wednesday 05 November 2008 16:44:04 Scott Pate wrote:
> This plugin reported a web server I scanned as being vulnerable to SQL
> injection.

We identified the problem and fixed it. It will soon be in the feed.
Thanks.

Note: in your situation, the bug was triggered by optimize_tests=no. This
configuration is not recommended (and it is slower).
RE: plugin 33929
Well, now I'm confused. I noticed with the new NessusClient that there
was no longer an option to set 'optimize test' and I posted a question
about it. Renaud gave this response


++++++
Hi Scott,

On Jun 10, 2008, at 2:20 PM, Scott Pate wrote:

> Unless I am missing something, it seems there are some options missing
> from the new NessusClient
>
> -Where is the option to enable/disable "optimize test"?

This option is not exposed any more. Given how we code plugins now,
there is no reason why you would want to use it.



-- Renaud
+++++++

Also, NessusClient has no option for 'optimize test', yet it is still in
the xml file and the default value is set to 'no'. This means I would
have to go into the xml file and change it each time I run a scan.

thx



-----Original Message-----
From: Michel Arboi [mailto:mikhail@nessus.org]
Sent: Friday, November 07, 2008 7:00 AM
To: nessus@list.nessus.org
Cc: Scott Pate
Subject: Re: plugin 33929

On Wednesday 05 November 2008 16:44:04 Scott Pate wrote:
> This plugin reported a web server I scanned as being vulnerable to SQL
> injection.

We identified the problem and fixed it. It will soon be in the feed.
Thanks.

Note: in your situation, the bug was triggered by optimize_tests=no. This
configuration is not recommended (and it is slower).
Re: plugin 33929
On Friday 07 November 2008 14:20:33 you wrote:
> Also, NessusClient has no option for 'optimize test', yet it is still in
> the xml file and the default value is set to 'no'. This means I would
> have to go into the xml file and change it each time I run a scan.

Please check nessusd.conf (/opt/nessus/etc/nessus/nessusd.conf on all Unix but
FreeBSD). It probably contains optimize_tests=no; change that to yes.

If there is no such line, either modify your policy in the XML file (this needs
to be done once) or create a new one.
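
The nessusd.conf check described in the reply above, as an added example that is not part of the original thread or of Nessus itself. It assumes `key = value` lines with `#` comment lines and that the last occurrence wins; it accepts both key spellings that appear in this thread, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: report the optimize_test(s) setting of a nessusd.conf-style
# file. Assumptions: "key = value" lines, "#" starts a comment line, and the
# last occurrence wins. Both key spellings used in the thread are accepted.

# optimize_state FILE -> prints yes, no (or the value as written), or absent
optimize_state() {
    awk '
        /^[ \t]*#/ { next }          # commented-out settings do not count
        {
            n = index($0, "=")
            if (n == 0) next
            key = substr($0, 1, n - 1)
            val = substr($0, n + 1)
            gsub(/[ \t]/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "optimize_test" || key == "optimize_tests")
                state = tolower(val)
        }
        END { print (state == "" ? "absent" : state) }
    ' "$1"
}

# check_optimize FILE -> exit status 0 only when the setting is "yes"
check_optimize() {
    state=$(optimize_state "$1")
    case "$state" in
        yes)    echo "$1: test optimization enabled"; return 0 ;;
        absent) echo "$1: no optimize_test line, check the scan policy"; return 1 ;;
        *)      echo "$1: optimize_test is '$state', change it to yes"; return 1 ;;
    esac
}

# Constructed sample file, not taken from the thread.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed nessusd.conf fragment
max_hosts = 40
#optimize_test = yes
optimize_test = no
EOF
check_optimize "$sample" || true
rm -f "$sample"
```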

RE: plugin 33929
I set optimize_test=yes in the xml and that seems to have fixed the
problem

thanks

-----Original Message-----
From: Michel Arboi [mailto:mikhail@nessus.org]
Sent: Friday, November 07, 2008 8:58 AM
To: Scott Pate; nessus@list.nessus.org
Subject: Re: plugin 33929

On Friday 07 November 2008 14:20:33 you wrote:
> Also, NessusClient has no option for 'optimize test', yet it is still in
> the xml file and the default value is set to 'no'. This means I would
> have to go into the xml file and change it each time I run a scan.

Please check nessusd.conf (/opt/nessus/etc/nessus/nessusd.conf on all Unix but
FreeBSD). It probably contains optimize_tests=no; change that to yes.

If there is no such line, either modify your policy in the XML file (this needs
to be done once) or create a new one.
