You can always re-scan with just these plugins, and packet capture, for
analysis. Can be useful. With that said:
11760: Pod.Board Forum_Details.PHP Cross Site Scripting -- is this
package on the server in question? That's usually the first place I start
-- do I have the package installed that has the flaw. If I do --
typically the report will indicate the string that was used: append that
to the URL sent to the board. Try it out yourself, and see if you get the
same results. In a packet capture -- if you get the test string back in
the response anywhere from the server, that's an issue.
11694: Do you have either of the executables mentioned on the target
system? nph-psa.exe and nph-psf.exe ? Are you behind in the version of
psynch? That's what I'd like for....
15908: Apache Jakarta Cross-Site Scripting Vulnerability -- same as
11760.
First Last <mynewsid@yahoo.com>
Sent by: nessus-bounces@list.nessus.org
12/13/2007 12:59 PM
To
nessus@list.nessus.org
cc
Subject
Validation
How do you validate vulnerabilities Nessus finds? I've been working with a
server for awhile that all of the sudden supposedly has a bunch of
vulnerabilities. Below are a few of the ID's. How do I validate that the
vulnerability exists or not?
Nessus ID : 11760
Nessus ID : 11694
Nessus ID : 15908
Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it
now._______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
