On Fri, 26 Mar 2004, Flickema, Drew W. wrote:

> Is there anyone successfully using sql_injection.nasl and
> tourturecgis.nasl to discover SQL or XSS vulnerabilities?

Yes, they can detect those vulns. Of course, they cannot be 100% reliable: holes can hide in obscure places like places behind forms (esp. forms filled with nontrivial data, "JavaScript enabled" hyperlinks etc.), or in encoded fields (once upon a time we found a form having a hidden "SQL injectable" BASE64-encoded field).

--Pavel Kankovsky aka Peak  [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."

_______________________________________________
Nessus mailing list
[EMAIL PROTECTED]
http://mail.nessus.org/mailman/listinfo/nessus
