I'm trying to track down some information regarding a DCShop vulnerability to attempt to resolve the source of a false positive I'm seeing.
A 3rd party scan returned this result: "We detected a vulnerable version of the DCShop CGI. This version does not properly protect user and credit card information. It is possible to access files that contain administrative passwords, current and pending transactions and credit card information (along with name, address, etc)." I have a Nessus 3.0 install on a windows server. There is no sign of a dcshop plugin. Googling found: http://mail.nessus.org/pipermail/nessus-cvs/2003-April/msg00131.html - " dcshop_information_disclosure.nasl" I have definitely updated my plugins, but I do not see this particular plugin anywhere. My install was done last week and I have over 14,000 files in the scripts folder, but nothing with "dcshop". So, is this an older / retired / bad plugin? Or is it incompatible with 3.0? I download the linux plugins package for 2.x (nessus-plugins-2.2.9.tar.gz) and nothing "dcshop" seems to be in there, either. so any information appreciated. Thanks, Mike Vasquez
_______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
