
martin.macok at underground
Feb 14, 2004, 7:12 PM
hardcoded port numbers in scripts (and sometimes wrong ports in reports)
--- iis_viewcode.nasl 2004-01-09 11:30:15.000000000 +0100 +++ iis_viewcode.nasl 2004-02-15 02:56:35.000000000 +0100 @@ -80,7 +80,7 @@ "Example, http://your.url.com/pathto/viewcode.asp?source=../../../../autoexec.bat\n", "\n\nSolution : delete these files\n", "Risk factor : Serious"); - security_warning(port:80, data:mywarning); + security_warning(port:port, data:mywarning); } } % grep "security_\(warning\|hole\)(\(port:\|\)[0-9]\+" *.nasl|wc -l 191 Volunteers for auditing (may be false positives) ? Martin Mačok
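Review bot: in the added `security_warning(port:port, data:mywarning);` line, `port` is not assigned anywhere in the visible context, so the fix is only correct if the script sets it before this block and to the same port the viewcode.asp request was sent to. Please confirm that, or regenerate the diff with enough context to show the assignment. If `port` can be unset on this path, the finding would still be reported against the wrong port. A short comment next to the call noting which variable holds the tested port would also help whoever audits the remaining hardcoded calls.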