Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Nessus-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

FP on apache_chunked_encoding.nasl

from [Jason Haar] Network Security [Permanent Link]
Subject: FP on apache_chunked_encoding.nasl
Date: Fri, 27 Aug 2004 13:53:04 +1200 
I've just scanned a bunch of IIS servers, and one of them came up via
apache_chunked_encoding.nasl

Can't figure out what happened there, the plugin looks like it'll only fire
for the string "Apache", but the server is returning:

HTTP/1.1 302 Object Moved
Date: Fri, 27 Aug 2004 01:37:43 GMT
Content-Length: 146
Content-Type: text/html
Server: Microsoft-IIS/5.0

Anyway, I went through by hand and emulated the plugin: IIS-5.0 did return a
HTTP 500 code on the exploit attempt - so it should have failed this test
anyway.

I can't figure out what went wrong with this one...

Nessus-2.0.12 - today's plugins


-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • FP on apache_chunked_encoding.nasl, Jason Haar <=
Previous by Date:  Re: Wrong protocol for racoon_cookie_malloc_dos.nasl, George Theall
Next by Date:  Re: Wrong protocol for racoon_cookie_malloc_dos.nasl, Jason Haar
Previous by Thread:  Wrong protocol for racoon_cookie_malloc_dos.nasl, Jason Haar
Next by Thread:  RE: Privilege separation, McKechnie, Grant (Contractor)
Indexes:  [Date] [Thread] [Top] [All Lists]