Network Security: Detailed info on Re: BLIND SQL Injection Question

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Nessus-Users

[Top] [All Lists]

Re: BLIND SQL Injection Question

from [George A. Theall] Network Security

[Permanent Link]

Subject:	Re: BLIND SQL Injection Question
Date:	Tue, 11 Dec 2007 21:42:10 -0500

On 12/10/07 19:28, Yanyan Wang wrote:

I scanned a server twice with about 30-40 minutes of time difference,
same preferences. The first scan reported a "BLING SQL Injection"
vulnerablity, but not the second one.


It's hard to say. Did you look through the Nessus server log to see if 
there was any reason that particular plugin (I assume it's #11139, 
sql_injection.nasl) might not have been launched? Like, was the remote 
web server / host still alive when you launched the second scan? Is 
there some type of IPS that might have prevented the plugin from running 
the second time? Do you have access to the logs on the remote host and, 
if so, do they tell you anything?

George
-- 
theall@tenablesecurity.com
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus

[More messages with this same subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
BLIND SQL Injection Question, Yanyan Wang Re: BLIND SQL Injection Question, George A. Theall <= Message not available Message not available Message not available Message not available Re: BLIND SQL Injection Question, Yanyan Wang Re: BLIND SQL Injection Question, George A. Theall Re: BLIND SQL Injection Question, Renaud Deraison (lists)

Previous by Date:	Re: Trouble running Nessus 3.6.1 on Mac OS X 10.5.1, Scott Kennedy
Next by Date:	RE: Fetching the vuln data programatically, Dheerendra Madhusudhana
Previous by Thread:	BLIND SQL Injection Question, Yanyan Wang
Next by Thread:	Re: BLIND SQL Injection Question, Yanyan Wang
Indexes:	[Date] [Thread] [Top] [All Lists]