Hi

I get a warning for "pfile Multiple Cross Site Scripting and SQL Injection 
Vulnerabilities" (http://plugins.openvas.org/nasl.php?oid=103435)

The tested server hosts MailCleaner (http://www.mailcleaner.net), a mail 
filter which does *not* use pfile.

The plugin tries to access 
https://mailcleaner.ethz.ch/users/kommentar.php?filecat=";><script>alert(/openvas-xss-test/)</script>&fileid=0
and checks for the following pattern in the output
        "<script>alert\(/openvas-xss-test/\)</script>"

Check in the script
        if( http_vuln_check( port:port, url:url, pattern:"<script>alert\(/openvas-xss-test/\)</script>", check_header:TRUE ) ) {


Our application outputs a pretty long error containing

[…]
      string(44) "Invalid controller specified (kommentar.php)"
[…]

and then

[…]
              ["_requestUri":protected]=>
              string(82) "/users/kommentar.php?filecat="><script>alert(/openvas-xss-test/)</script>&fileid=0"
[…]

I think that the plugin should be more specific in the check, as I imagine 
that other applications would also put the “offending” request in an error 
output.

Matteo

-- 
ETH Zurich, Dr. Matteo Corti, Leiter ID Basisdienste
STB H 11.1, Stampfenbachstrasse 69, 8092 Zurich
Tel +41 44 63 27944, http://www.id.ethz.ch
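
One way to make the check more specific, as an added example that is not part of the original message or of the OpenVAS plugin: report the product finding only when the reflected payload appears together with a marker identifying the product. The `powered by pfile` fingerprint, the assumption that `check_header:TRUE` corresponds to requiring a 200 response, and the sample responses are all constructed for illustration.

```python
import re

# Reflection pattern the plugin looks for (quoted in the message above).
XSS_PATTERN = re.compile(r"<script>alert\(/openvas-xss-test/\)</script>")
# ASSUMPTION: hypothetical fingerprint standing in for markup that only the
# targeted product emits; it is not taken from pfile or from the plugin.
PRODUCT_FINGERPRINT = re.compile(r"powered by pfile", re.IGNORECASE)


def classify(status, body):
    """Classify one HTTP response to the test request.

    'no-match'            payload not reflected, or response is not a 200
                          (ASSUMPTION: stands in for check_header:TRUE)
    'reflected-unknown'   payload reflected, but the product was not identified
    'product-vulnerable'  payload reflected by a page carrying the fingerprint
    """
    if status != 200 or not XSS_PATTERN.search(body):
        return "no-match"
    if PRODUCT_FINGERPRINT.search(body):
        return "product-vulnerable"
    return "reflected-unknown"


# Constructed sample responses (not captured traffic).
PAYLOAD = "<script>alert(/openvas-xss-test/)</script>"
SAMPLES = {
    # Error dump that echoes the request URI, as in the report above.
    "error_dump": (200,
        'string(44) "Invalid controller specified (kommentar.php)"\n'
        '["_requestUri":protected]=>\n'
        'string(82) "/users/kommentar.php?filecat=">' + PAYLOAD + '&fileid=0"'),
    # Page carrying the hypothetical fingerprint and the reflected payload.
    "product_page": (200,
        "<html><body>" + PAYLOAD + "<p>Powered by pFile</p></body></html>"),
    # Page that HTML-encodes the parameter, so the pattern does not match.
    "encoded": (200,
        "<html><body>&lt;script&gt;alert(/openvas-xss-test/)&lt;/script&gt;</body></html>"),
}


def classify_samples():
    """Run classify() over every constructed sample and return the verdicts."""
    return {name: classify(status, body) for name, (status, body) in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in classify_samples().items():
        print(f"{name}: {verdict}")
```

The `reflected-unknown` verdict keeps the reflection visible as a generic finding instead of attributing it to a product that is not installed.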

_______________________________________________
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss