List: nessus
Subject: potential problems with netscape_rev_proxy.nasl
From: Norbert Kiesel <nkiesel () tbdnetworks ! com>
Date: 2004-06-22 18:32:05
Message-ID: 1087929125.17179.65.camel () defiant
Hi,

while looking over recent Nessus changes, I noticed some things in
netscape_rev_proxy.nasl which I don't understand.

> if(res == NULL || "302" >!< res ) exit(0);
> myloc = strstr(res, string("Location: http://") ) ;

Would this not break if location points to an HTTPS server? Also, the
"string()" seems unnecessary.

> myloc2 = strstr(res, string("/images"));
> url = strstr(myloc - myloc2, "http");

Could be written as: url = myloc - myloc2; because myloc is guaranteed
to start with "http" anyway.

Here's another potential code improvement: get the /24 prefix only once
instead of computing it 256 times. (To be honest, I assume that there is
no measurable speedup through this, but I think the code is easier to
understand that way).
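
    # ereg() only reports whether the pattern matched; ereg_replace()
    # returns the "a.b.c." prefix of the target address itself.
    prefix = ereg_replace(string:get_host_ip(), pattern:"^([0-9]+\.[0-9]+\.[0-9]+\.)[0-9]+$", replace:"\1");
    for (i=1; i<256; i++) {
      # Request port 139 of each address in the /24 through the proxy
      req = string("GET http://", prefix, i, ":139/ HTTP/1.0\r\n\r\n");
      rep = http_keepalive_send_recv(port:port, data:req);
      if ( "200 OK" >< rep ) {
        security_hole(port);
        exit(0);
      }
    }
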
</nk>
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
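
Added example, not part of the original message or of the Nessus plugin: a Python sketch of the HTTPS question raised above, comparing a literal "Location: http://" match with a scheme-agnostic header parse. It goes slightly beyond the message by also checking the status line and header-name case; the responses and the 192.0.2.10 address are constructed placeholders.

```python
import re

# Constructed sample responses (not captured traffic).
HTTP_302 = ("HTTP/1.1 302 Moved Temporarily\r\n"
            "Server: example\r\n"
            "Location: http://192.0.2.10/images\r\n\r\n")
HTTPS_302 = HTTP_302.replace("http://", "https://")
LOWER_302 = HTTP_302.replace("Location:", "location:")
OK_200 = "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"

def literal_prefix_url(res):
    """Model of the quoted check: substring match on 'Location: http://'."""
    if res is None or "302" not in res:
        return None
    idx = res.find("Location: http://")
    if idx < 0:
        return None          # https:// or a lower-case header name ends up here
    loc = res[idx + len("Location: "):]
    end = loc.find("/images")
    return loc[:end] if end >= 0 else None

_STATUS = re.compile(r"^HTTP/\d\.\d 302\b")
_BASE = re.compile(r"(https?://[^/\s]+)", re.I)

def redirect_base(res):
    """Return scheme://host[:port] from the Location header of a 302, else None."""
    if not res:
        return None
    lines = res.split("\r\n\r\n", 1)[0].split("\r\n")
    if not _STATUS.match(lines[0]):      # check the status line, not the body
        return None
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "location":
            m = _BASE.match(value.strip())
            return m.group(1) if m else None
    return None

if __name__ == "__main__":
    for label, res in [("http", HTTP_302), ("https", HTTPS_302),
                       ("lower-case", LOWER_302), ("200", OK_200)]:
        print(label, literal_prefix_url(res), redirect_base(res))
```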