*** Jan-Oliver Wagner <[email protected]> wrote:
> On Mittwoch, 13. Januar 2010, Michael Meyer wrote:
> > "if(get_kb_item("Services/www/" + port + "/embedded"))exit(0);"
>
> this appears a bit too generic to me and might produce false negatives.
>
> Wouldn't it be better to detect the system more precisely and use
> a corresponding KB item instead of just "embedded"?
This KB entry is set by 'embedded_web_server_detect.nasl' (and a few
others) which try to detect an embedded webserver.
> > We should consider whether it makes sense in principle, running
> > plugins of Family "Web application abuses" against embedded webservers.
>
> I think it does make sense.
Hmm...you realy expect to find e.g. a "phpshop" or a "phpgroupware" or
a "mambo" on an *embedded* webserver?
A lot of embedded webservers running e.g. on switches *seems* to be not
very robust. There is a risk that we, while running Scan with "Safe Checks"
enabled, kill them. That is not what a User expected, IMHO.
But what I have now just seen is, that the functions
"can_host_{php,asp}()" using the
"Services/www/" + port + "/embedded"' KB entry as well.
This functions "return 0" if the webserver is detected as
embedded. Since these functions is used in most of the plugins in
Family "Web application abuses" that should be enough. In Jonas case
it did not work because 'embedded_web_server_detect.nasl' don't match
on "Server: Embedded Web Server", only on "Server: Embedded HTTPD". I will
add "Server: Embedded Web Server" to that plugin.
Does it make sense running nikto.nasl against an embedded webserver? ;)
Micha
--
Michael Meyer OpenPGP Key: 76E050B9
http://www.intevation.de
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück; AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
_______________________________________________
Openvas-plugins mailing list
[email protected]
http://lists.wald.intevation.org/mailman/listinfo/openvas-plugins
