List:       nessus-plugins-writers
Subject:    Re: False positive in nsm_format_strings.nasl
From:       "Noam Rathaus" <noamr () beyondsecurity ! com>
Date:       2002-08-22 9:46:49
Message-ID: 000f01c249c0$d66be960$3501a8c0 () noamlp

Hi,

Why continue if the server responds with a "400 Bad Request"? Why risk a false
positive?

Thanks
Noam Rathaus
CTO
Beyond Security Ltd
http://www.SecurITeam.com
http://www.BeyondSecurity.com
----- Original Message -----
From: "Renaud Deraison" <deraison@nessus.org>
To: "Nessus Plugin Mailing List" <plugins-writers@list.nessus.org>
Sent: Thursday, August 22, 2002 10:37 AM
Subject: Re: False positive in nsm_format_strings.nasl


> On Thu, Aug 22, 2002 at 11:28:11AM +0200, Noam Rathaus wrote:
> > Hi,
> >
> > This is to remove a false positive in nsm_format_strings.nasl
> >
> > 100,105c100
> > <
> > <   if ("HTTP/1.0 400 " >< r)
> > <   {
> > <    exit(0);
> > <   }
> > <
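Review bot: the substring test "HTTP/1.0 400 " >< r only matches a status line that reports version 1.0, while the first request in the logic described in this message is sent as HTTP/1.1, so a server answering "HTTP/1.1 400 Bad Request" would not reach the exit(0). Matching the 400 status code independently of the version in the status line would cover both cases. The hunk is also a normal-format "c" (change) hunk that shows only its "<" side, so it should state which file is the patched one, and the exit(0) deserves a comment saying why a 400 reply ends the check.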
>
> I fail to understand that. The logic in the code is :
>
> - Request GET http://www.foobar.com HTTP/1.1
>   Authorization: (nessus:nessus)
> - If we get a reply, we do :
> GET http://www.foobar.com
> Authorization: (some format strings)
> - If we don't get any reply this time,
>   then the remote server probably crashed,
>   we issue an alert
>
>
> Which server did produce a false positive ? Are you sure it's really
> a false positive ?
>
>
> -- Renaud
>
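
The decision logic discussed in this thread, as an added example (not code from nsm_format_strings.nasl or from either poster): it classifies two already-captured raw replies, matches a 400 status whatever HTTP version the status line reports, and stops early when the first request is rejected. It assumes the 400 test applies to the reply to the first request; the function names, verdict strings and sample replies are constructed for illustration.

```python
import re

# Status line of an HTTP/1.x reply: version, then a three-digit status code.
STATUS_RE = re.compile(rb"\AHTTP/\d\.\d (\d{3})\b")


def status_code(reply):
    """Return the status code of a raw reply, or None if it is missing or not HTTP."""
    if not reply:
        return None
    m = STATUS_RE.match(reply)
    return int(m.group(1)) if m else None


def verdict(baseline_reply, probe_reply):
    """Classify one target from the bytes read after each of the two requests.

    baseline_reply: reply to the first, well-formed request (None if nothing came back)
    probe_reply:    reply to the second request (None if nothing came back)
    """
    code = status_code(baseline_reply)
    if code is None:
        return "skip-no-baseline"    # nothing to compare the second reply against
    if code == 400:
        return "skip-baseline-400"   # request form rejected outright: later silence proves nothing
    if not probe_reply:
        return "alert-no-reply"      # answered before, silent now: the case the plugin reports
    return "no-finding"


# Constructed sample replies (not captured from any real server).
SAMPLES = {
    "400 as HTTP/1.0": (b"HTTP/1.0 400 Bad Request\r\n\r\n", None),
    "400 as HTTP/1.1": (b"HTTP/1.1 400 Bad Request\r\n\r\n", None),
    "reply, then silence": (b"HTTP/1.1 200 OK\r\n\r\n", None),
    "reply both times": (b"HTTP/1.0 200 OK\r\n\r\n", b"HTTP/1.0 401 Unauthorized\r\n\r\n"),
    "no reply at all": (None, None),
}

if __name__ == "__main__":
    for name, (baseline, probe) in SAMPLES.items():
        print(f"{name:22s} -> {verdict(baseline, probe)}")
```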
