I have just installed Nessus 3 on an additional machine (Windows) and am performing a scan; hopefully it will find the XSS...
Unfortunately I don't have access to the logs. I will check with the web team to see if I can have those provided to me. As far as Nessus identifying the scripts, it doesn't look like it is testing the scripts. Nessus ID : 10662 discovers CGI scripts, and just stops, reports nothing else except for the discovery.

Once this is completed I will re-run an additional scan with Wireshark or something and private you the capture.

If you have any additional suggestions let me know.

Chris

-----Original Message-----
From: George A. Theall [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, June 11, 2008 2:38 PM
To: Christopher Ashby
Cc: [email protected]
Subject: Re: Nessus XSS Discoveries

On Jun 11, 2008, at 10:05 AM, Christopher Ashby wrote:

> For some reason which I'm unable to explain, the Nessus scanner will not
> detect XSS vulnerabilities in my server. I'm using Nessus 2.2.10 and
> updated the plug-ins last night (registered feed).

What sorts of requests, if any, do you see Nessus making in the web server's logs? Is Nessus at least identifying the affected scripts and testing its parameters? If so, would I be able to get a packet capture taken when you run the scan limited to just the XSS issues?

George
--
[EMAIL PROTECTED]
