Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: Nessus: devel

hardcoded port numbers in scripts (and sometimes wrong ports in reports)

 

 

Nessus devel RSS feed   Index | Next | Previous | View Threaded


martin.macok at underground

Feb 14, 2004, 7:12 PM

Post #1 of 1 (584 views)
Permalink
hardcoded port numbers in scripts (and sometimes wrong ports in reports)

--- iis_viewcode.nasl 2004-01-09 11:30:15.000000000 +0100
+++ iis_viewcode.nasl 2004-02-15 02:56:35.000000000 +0100
@@ -80,7 +80,7 @@
"Example, http://your.url.com/pathto/viewcode.asp?source=../../../../autoexec.bat\n",
"\n\nSolution : delete these files\n",
"Risk factor : Serious");
- security_warning(port:80, data:mywarning);
+ security_warning(port:port, data:mywarning);
}
}


% grep "security_\(warning\|hole\)(\(port:\|\)[0-9]\+" *.nasl|wc -l
191

Volunteers for auditing (may be false positives) ?

Martin Mačok

Nessus devel RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.