Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: Nessus: users

FireFox3 annoyances

 

 

Nessus users RSS feed   Index | Next | Previous | View Threaded


tdoty at mst

Sep 10, 2008, 3:00 PM

Post #1 of 3 (1143 views)
Permalink
FireFox3 annoyances

I was just trying to verify a vulnerability identified by nessus that
involved a web server and pasting the reported URL into FireFox3 gave no
result. I noticed that it also collapsed the URL (the vulnerability involves
directory back references). Using IE verified the result. Just thought I
would mention the need to be careful as to the tool used to verify...

Tim Doty
Systems Security Analyst
Missouri S&T
Attachments: smime.p7s (6.41 KB)


raleel at gmail

Sep 10, 2008, 5:29 PM

Post #2 of 3 (1060 views)
Permalink
Re: FireFox3 annoyances [In reply to]

I've used wget and links on occasion. even telnetted to the port once. some
of those are very hard to verify, to be honest.

On Wed, Sep 10, 2008 at 3:00 PM, Doty, Timothy T. <tdoty [at] mst> wrote:

> I was just trying to verify a vulnerability identified by nessus that
> involved a web server and pasting the reported URL into FireFox3 gave no
> result. I noticed that it also collapsed the URL (the vulnerability
> involves
> directory back references). Using IE verified the result. Just thought I
> would mention the need to be careful as to the tool used to verify...
>
> Tim Doty
> Systems Security Analyst
> Missouri S&T
>
> _______________________________________________
> Nessus mailing list
> Nessus [at] list
> http://mail.nessus.org/mailman/listinfo/nessus
>



--
Doug Nordwall
Unix, Network, and Security Administrator
You mean the vision is subject to low subscription rates?!!? - Scott Stone,
on MMORPGs


mikhail at nessus

Sep 14, 2008, 2:47 AM

Post #3 of 3 (1055 views)
Permalink
Re: FireFox3 annoyances [In reply to]

On Wed, 10 Sep 2008 17:00:03 -0500
"Doty, Timothy T." <tdoty [at] mst> wrote:

> I was just trying to verify a vulnerability identified by nessus that
> involved a web server and pasting the reported URL into FireFox3 gave
> no result. I noticed that it also collapsed the URL (the
> vulnerability involves directory back references). Using IE verified
> the result.

Firefox 2 on Linux collapses ../../.. too.
This is common. IE collapses some forms of directory traversal too.
You may try different browsers; GET from libwww-perl is probably
more reliable. See http://search.cpan.org/~gaas/libwww-perl-5.814/

In some cases, Nessus' build_url() function must add a / at
the beginning of the query string to get a syntactically correct URL.
e.g. if flaw appears when the web server receives "..\..\boot.ini",
Nessus will report "http://host/..\..\boot.init"
If you click on that, your browser (or GET from libwww-perl) will send
"/..\..\boot.ini" which might not work as expected. To reproduce the
flaw, you'll have to run
echo -ne 'GET ..\..\boot.ini HTTP/1.1\r\nHost: host\r\n\r\n' |
netcat ip 80
_______________________________________________
Nessus mailing list
Nessus [at] list
http://mail.nessus.org/mailman/listinfo/nessus

Nessus users RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.