On Tue, Jun 29, 2004 at 01:18:59PM -0600, Lucas Albers wrote: > It only appears to enumerate through these addresses: ... > /way-board/way-board.cgi?db=/etc/passwd%00
What response do you get if you try to get the above from a system that's supposedly vulnerable? Look at the headers and body returned. > > The logs on the scanned webserver show that it returned a 404 on all > > attempted access for that file. So it should not show that way-point is > > installed. The plugin doesn't look at the return code per se; instead, it looks for something like an entry for root in /etc/passwd (using the pattern ".*root:.*:0:[01]:.*"). George -- [EMAIL PROTECTED]
pgpurT4dqkN0Z.pgp
Description: PGP signature
_______________________________________________ Nessus mailing list [EMAIL PROTECTED] http://mail.nessus.org/mailman/listinfo/nessus
