On Wed, 10 Sep 2008 17:00:03 -0500
"Doty, Timothy T." <[EMAIL PROTECTED]> wrote:

> I was just trying to verify a vulnerability identified by nessus that
> involved a web server and pasting the reported URL into FireFox3 gave
> no result. I noticed that it also collapsed the URL (the
> vulnerability involves directory back references). Using IE verified
> the result.

Firefox 2 on Linux collapses ../../.. too.
This is common. IE collapses some forms of directory traversal too.
You may try different browsers; GET from libwww-perl is probably
more reliable. See http://search.cpan.org/~gaas/libwww-perl-5.814/

In some cases, Nessus' build_url() function must add a / at
the beginning of the query string to get a syntactically correct URL. 
E.g., if the flaw appears when the web server receives "..\..\boot.ini",
Nessus will report "http://host/..\..\boot.ini".
If you click on that, your browser (or GET from libwww-perl) will send
"/..\..\boot.ini" which might not work as expected. To reproduce the
flaw, you'll have to run
echo -ne 'GET ..\\..\\boot.ini HTTP/1.1\r\nHost: host\r\n\r\n' |
  netcat ip 80
_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus
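
The URL collapsing discussed in this message can be modelled to see, before pasting a reported URL into a browser, whether the client will send the path the scanner reported. This is an added example, not part of the original message and not Nessus code; the function names, the backslash_is_slash switch and the sample URLs are assumptions constructed for illustration. It covers only client-side dot-segment removal (RFC 3986 section 5.2.4), not the leading "/" that build_url() adds.

```python
from urllib.parse import urlsplit

def remove_dot_segments(path):
    """Collapse '.' and '..' in an absolute path, as RFC 3986 5.2.4 describes."""
    segments = path.split("/")
    out = []
    for i, seg in enumerate(segments):
        last = i == len(segments) - 1
        if seg == ".":
            if last:
                out.append("")      # "/a/." becomes "/a/"
        elif seg == "..":
            if len(out) > 1:
                out.pop()           # never climb above the root
            if last:
                out.append("")      # "/a/b/.." becomes "/a/"
        else:
            out.append(seg)
    return "/".join(out)

def request_target(url, backslash_is_slash=False):
    """Path (plus query) that a normalizing client puts on the request line."""
    parts = urlsplit(url)
    path = parts.path or "/"
    if backslash_is_slash:          # assumption: client treats '\' like '/'
        path = path.replace("\\", "/")
    if not path.startswith("/"):
        path = "/" + path
    target = remove_dot_segments(path)
    return target + ("?" + parts.query if parts.query else "")

def needs_raw_client(url, backslash_is_slash=False):
    """True when normalization changes the path, so the client cannot replay it."""
    parts = urlsplit(url)
    reported = parts.path + ("?" + parts.query if parts.query else "")
    return request_target(url, backslash_is_slash) != reported

if __name__ == "__main__":
    samples = [                     # constructed sample URLs
        ("http://host/../../../boot.ini", False),
        ("http://host/..\\..\\boot.ini", False),
        ("http://host/..\\..\\boot.ini", True),
    ]
    for url, bs in samples:
        print(url, "->", request_target(url, bs),
              "| raw client needed:", needs_raw_client(url, bs))
```

When needs_raw_client() returns True, the request has to be written by hand, as with the echo and netcat pipeline above.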
