Hi,

I get a warning for "pfile Multiple Cross Site Scripting and SQL Injection Vulnerabilities" (http://plugins.openvas.org/nasl.php?oid=103435).

The tested server hosts MailCleaner (http://www.mailcleaner.net), a mail filter which does *not* use pfile.

The plugin tries to access

  https://mailcleaner.ethz.ch/users/kommentar.php?filecat="><script>alert(/openvas-xss-test/)</script>&fileid=0

and checks for the following pattern in the output:

  "<script>alert\(/openvas-xss-test/\)</script>"

Check in the script:

  if( http_vuln_check( port:port, url:url, pattern:"<script>alert\(/openvas-xss-test/\)</script>", check_header:TRUE ) ) {

Our application outputs a pretty long error containing

  […]
  string(44) "Invalid controller specified (kommentar.php)"
  […]

and then

  […]
  ["_requestUri":protected]=>
  string(82) "/users/kommentar.php?filecat="><script>alert(/openvas-xss-test/)</script>&fileid=0"
  […]

I think that the plugin should be more specific in the check, as I might imagine that other applications would also put the "offending" request in an error output.

Matteo

--
ETH Zurich, Dr. Matteo Corti, Leiter ID Basisdienste
STB H 11.1, Stampfenbachstrasse 69, 8092 Zurich
Tel +41 44 63 27944, http://www.id.ethz.ch
_______________________________________________ Openvas-discuss mailing list [email protected] https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
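One way a check could tell the two cases in the message apart, as an added example (not code from the OpenVAS plugin or from the original message, and written in Python rather than NASL): it keeps the quoted pattern but ignores matches that are only part of the whole request URI being echoed back. The function names and both sample pages are constructed for illustration, and the rule is a heuristic that assumes the error output echoes the request URI verbatim.

```python
import re

# Request and pattern as quoted in the message above.
PATH = "/users/kommentar.php"
PAYLOAD = "<script>alert(/openvas-xss-test/)</script>"
REQUEST_URI = PATH + '?filecat=">' + PAYLOAD + "&fileid=0"
PLUGIN_PATTERN = re.compile(r"<script>alert\(/openvas-xss-test/\)</script>")


def original_check(body):
    """The plugin's test as quoted: the pattern occurs anywhere in the body."""
    return PLUGIN_PATTERN.search(body) is not None


def spans(haystack, needle):
    """Return (start, end) for every occurrence of needle in haystack."""
    out, pos = [], haystack.find(needle)
    while pos != -1:
        out.append((pos, pos + len(needle)))
        pos = haystack.find(needle, pos + 1)
    return out


def classify(body, request_uri=REQUEST_URI):
    """Hypothetical stricter check: separate an echo of the whole request URI
    (typical of verbose error pages) from the filecat value being rendered
    on its own, which is what the pfile finding is about."""
    hits = [m.span() for m in PLUGIN_PATTERN.finditer(body)]
    if not hits:
        return "no_reflection"
    echoes = spans(body, request_uri)
    outside = [h for h in hits
               if not any(s <= h[0] and h[1] <= e for s, e in echoes)]
    return "parameter_reflected" if outside else "request_echo_only"


# Constructed sample: error output assembled from the excerpts in the message.
ERROR_PAGE = (
    'string(44) "Invalid controller specified (kommentar.php)"\n'
    '["_requestUri":protected]=>\n'
    'string(82) "' + REQUEST_URI + '"\n'
)

# Constructed sample: a page that renders the filecat value into an attribute.
FORM_PAGE = '<input type="hidden" name="filecat" value="">' + PAYLOAD + '">'
```

Only a `parameter_reflected` result would be reported under the pfile finding; `request_echo_only` is the situation described in the message.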
