On 12/13/07 10:46, Yanyan Wang wrote:
> The result might be alse positive as
>
> foo.cgi?email=valid+sql returns "'valid+sql' is not a valid email".
>
> foo.cgi?email=invalid+sql returns "'invalid+sql' is not a valid
> email".
>
> returned the same value, but the page is not accessing sql in that
> page.
Are you able to show exactly what is returned?
> I'm just perplexed why would same identical scan return two different
> reports.
A timeout issue? Content filtering? ... hard to say really.
Btw, as Renaud asked before, which revision of the plugin were you using
when you ran the scans?
> Would it have anything to do with this bug?
>
> req = http_get(item:bogus_vrequest, port:port); bres =
> http_keepalive_send_recv(port:port, data:req);
>
> if (egrep(string:bres, pattern:"^HTTP/1\..*200 OK")) { exit(0); }
Could you explain what you're referring to, especially as it relates to
the different results you experienced?
George
--
[EMAIL PROTECTED]
_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus
