noamr at beyondsecurity
Mar 26, 2002, 7:53 AM
Post #1 of 1
Re: BadBlue Directory Traversal
I noticed those too, I cannot figure out a safe way to detect actual reading of
autoexec.bat, maybe searching for:
"mode " instead of just "mode". But I am not certain how safe this would be...
Beyond Security Ltd
----- Original Message -----
From: "Matt Moore" <matt [at] westpoint>
To: <noamr [at] securiteam>
Sent: Sunday, March 31, 2002 15:53
Subject: BadBlue Directory Traversal
> Hello Noam,
> Hope you're well. I've just finishing running a large scan, which is always
> good for rooting out plugins that false positive...
> The BadBlue Directory Traversal plugin you wrote appears to be (in a couple
> of rare cases) returning a false positive. The actual cause of the false
> positive is rather obscure - I think the string 'mode' is matching 'modern'
> in a font referencing inline style sheet.