*** Michael Meyer wrote: > *** [email protected] wrote: > > > cactuShop_multiple_flaws.nasl seems to give false positives for gopher > > servers with integreted web support. Maybe other web-like things also. > > > > At least http://www.quux.org/devel/gopher/pygopherd > > > > I guess the test should be more specific. > > It's looking for '<script>foo</script>' in the response. Against which > pygopherd version the false positive came up?
pygopherd_2.0.16 GET /popuplargeimage.asp?strImageTag=<script>foo</script> HTTP/1.1 Connection: Close Host: 192.168.2.5 Pragma: no-cache User-Agent: Mozilla/4.75 [en] (X11, U; OpenVAS) Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Language: en Accept-Charset: iso-8859-1,*,utf-8 3'/GET /popuplargeimage.asp?strImageTag=<script>foo</script> HTTP/1.1' does not exist (no handler found)..error.host.1 Micha -- Michael Meyer OpenPGP Key: 52A6EFA6 http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner _______________________________________________ Openvas-plugins mailing list [email protected] http://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-plugins
