On Wed, Jan 10, 2007 at 08:51:46AM -0800, Jeff Tate wrote:
I'm having trouble verifying findings from this
plugin. It is getting triggered agaist a few
webservers, but when I try to verify by using a
webbrowser to request valid and invalid usernames, the
responses are the same.
...
What part of the response is retrieved and evaluated
by:
res = http_keepalive_send_recv(port:port, data:req);
A more complete code snippet is something like:
req = http_get(item:"/~root", port:port);
res = http_keepalive_send_recv(port:port, data:req);
if ( ! res ) exit(0);
array = split(res);
code = array[0];
res will have the entire response, and split() without any named
arguments splits on newlines. Thus, code will be the first line of the
response; eg, something like:
HTTP/1.1 404 Not Found
if you're looking at an Apache web server in which root does not serve
up a homepage.
That said, we've identified a problem in the plugin that could cause
some reporting issues. Please update to revision 1.20 in a few hours and
let us know if that doesn't help.
George
--
[EMAIL PROTECTED]
_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus
