Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: Nessus: plugins

Broken 404 parsing in cross_site_scripting.nasl

 

 

Nessus plugins RSS feed   Index | Next | Previous | View Threaded


nnposter at users

Dec 4, 2008, 8:17 AM

Post #1 of 1 (2959 views)
Permalink
Broken 404 parsing in cross_site_scripting.nasl

Recently script cross_site_scripting.nasl got modified to request
URLs via http_send_recv3(). The script attempts to retrieve mostly
non-existent URLs so the likely result is a 404. The problem is that
to detect any XSS the script needs to parse the response body but
http_send_recv3() will not provide it unless parameter fetch404 is
set to TRUE.

The following patch against version 1.54 resolves the issue:

--- cross_site_scripting.nasl.orig 2008-10-31 06:34:32.000000000 -0600
+++ cross_site_scripting.nasl 2008-12-03 14:41:10.000000000 -0500
@@ -111,7 +111,8 @@
foreach url (urls)
{
# Try to exploit the flaw.
- r = http_send_recv3(method: 'GET', item:url, port:port, embedded: 1);
+ r = http_send_recv3(method: 'GET', item:url, port:port, embedded: 1,
+ fetch404: TRUE);
if (isnull(r))
{
failures ++;


Cheers,
nnposter
_______________________________________________
Plugins-writers mailing list
Plugins-writers [at] list
http://mail.nessus.org/mailman/listinfo/plugins-writers

Nessus plugins RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.