noamr at beyondsecurity
Mar 26, 2002, 7:53 AM
Post #1 of 1
(140 views)
Permalink
|
|
Re: BadBlue Directory Traversal
|
|
Hi,
I noticed those too, I cannot figure out a safe way to detect actual reading of
autoexec.bat, maybe searching for:
"mode " instead of just "mode". But I am not certain how safe this would be...
Anyone?
Thanks
Noam Rathaus
CTO
Beyond Security Ltd
http://www.SecurITeam.com
http://www.BeyondSecurity.com
----- Original Message -----
From: "Matt Moore" <matt [at] westpoint>
To: <noamr [at] securiteam>
Sent: Sunday, March 31, 2002 15:53
Subject: BadBlue Directory Traversal
> Hello Noam,
>
> Hope you're well. I've just finishing running a large scan, which is always
> good for rooting out plugins that false positive...
>
> The BadBlue Directory Traversal plugin you wrote appears to be (in a couple
> of rare cases) returning a false positive. The actual cause of the false
> positive is rather obscure - I think the string 'mode' is matching 'modern'
> in a font referencing inline style sheet.
>
> regards,
>
> Matt
>
>
|
