On Tuesday 07 October 2014 02:13 PM, Chris wrote:
Hi,
Its detect script issue. I am looking at this how to improve the
detect script.
any updates on this? I think the following improvements:
1.) Detect "TYPO3 Login" and "TYPO3 CMS Login" in the <title> of the login page
2.) Get the major version out of the "<meta name="generator" content="TYPO3 4.5"
3.) Get the minor version out of the http://example.com/typo3_src/ChangeLog and
use it if its the same or higher than detected in 2.)
"typo3_src/ChangeLog" file is not accessible always. It says 403 Forbidden.
We need to think some other options.
Thanks,
Antu Sanadi
could really improve the detection rate of vulnerable TYPO3 installations.
Especially as most of the existing 51 NVTs are currently only useful if you
have an valid login into the TYPO3 backend.
Thanks again.
_______________________________________________
Openvas-plugins mailing list
[email protected]
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-plugins
--
Saner Personal
A free vulnerability mitigation
software. Build strong defense.
http://www.secpod.com/saner-personal.html
_______________________________________________
Openvas-plugins mailing list
[email protected]
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-plugins
