On Thu, Oct 03, 2002 at 08:13:58AM -0700, Mike Raft wrote:
> Excuse my ignorance but I got a high vulnerability for
> the subject plugin with the following explanation:
> 
> The following requests seem to allow the reading of
> sensitive files or XSS.  You should manually try them
> to see if anything bad happens:
> /library/libfileshtm.asp?show=Y&file=xxx.htm?show=<script>alert('foo')</script>
> 
> Is Nessus telling me to type the above command
> directly into the URL to test this vuln or do I need
> to fill in parameters for <script>?

Yes, try this exact URL and if an alert pops up, the remote CGI is vulnerable to
Cross-Site Scripting (XSS).


                                -- Renaud
-
[EMAIL PROTECTED]: general discussions about Nessus.
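What the manual test in this thread is checking, written out as an added example (not part of the original messages and not Nessus plugin code): the reported query string splits at the first `?`, so the `<script>` probe actually travels in the `file` parameter, and the question is whether the response echoes it raw or entity-encoded. The two `render_*` functions are constructed stand-ins for the remote page, and all function names are hypothetical.

```python
import html
from urllib.parse import urlsplit, parse_qs

# Request quoted in the Nessus report in this thread.
REPORTED = "/library/libfileshtm.asp?show=Y&file=xxx.htm?show=<script>alert('foo')</script>"


def probe_params(url):
    """Return {name: value} for query parameters whose value carries markup."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return {name: v for name, values in params.items() for v in values if "<" in v}


def classify(body, value):
    """Describe how a response body reflects a probe value."""
    if value in body:
        # Markup reaches the browser intact; in HTML body context the
        # script tag is parsed, which is the "alert pops up" case.
        return "reflected-raw"
    if value in html.unescape(body):
        # Present only as entities (&lt;script&gt;...): rendered as text.
        return "reflected-encoded"
    return "not-reflected"


def render_vulnerable(file_param):
    # Constructed sample: echoes the parameter without output encoding.
    return "<html><body>Cannot open " + file_param + "</body></html>"


def render_encoded(file_param):
    # Constructed sample: same page with HTML output encoding applied.
    return "<html><body>Cannot open " + html.escape(file_param) + "</body></html>"


def check(url, render):
    """Classify every markup-bearing parameter against a page renderer."""
    return {name: classify(render(value), value)
            for name, value in probe_params(url).items()}


if __name__ == "__main__":
    print(probe_params(REPORTED))
    print("no encoding:  ", check(REPORTED, render_vulnerable))
    print("with encoding:", check(REPORTED, render_encoded))
```

A raw reflection is only a strong hint; whether the script runs still depends on where in the page the value lands, which is why the reply above says to load the URL and watch for the alert.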