On Fri, Feb 16, 2007 at 03:13:25PM -0000, Nelson, C.M. wrote:
However, I find that the URL that it reports does not work for me.
Perhaps it is something to do with the browser I use - not sure really.
It would be nice for the URL in the report to work.
It probably is a browser issue -- some exploits are sensitive to the
format of the request, and browsers can encode the URLs before sending
them.
To be sure, you could test by telnet'ing into the web server and issuing
the command by hand. You may need to do a packet capture to see exactly
what the plugin is sending, so you can replicate it manually.
> (I like my "customers" to be able to see this problem for themselves).
So showing them the contents of a boot.ini / passwd file from the remote
doesn't work for them?
George
--
[EMAIL PROTECTED]
_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus
