Hi, just as a follow-up to this:
On 07.11.2017 23:51, Paul A wrote: > Hi, recently I got an email with the subject, "Cookie stealer report " I > looked at my apache logs and notice a particular ip scanning my server at > that time using OpenVAS which I had never heard of it before. I highly doubt that the mail was sent out by the OpenVAS scan itself. There is no NVT using anything like "Cookie stealer report" as a mail subject. Its more likely that you have a script like e.g. shown in [1] or [2] somewhere accessible on your web server which got called / accessed from the scanner. [1] http://aspirantz.in/blog/2012/02/04/how-to-make-cookies-and-hack-orkut-accounts/ [2] https://blog4hacks.blogspot.de/2009/07/cookie-stealing-basics.html Regards, -- Christian Fischer | PGP Key: 0x54F3CE5B76C597AD Greenbone Networks GmbH | http://greenbone.net Neumarkt 12, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner _______________________________________________ Openvas-discuss mailing list [email protected] https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
