On Thu, Dec 12, 2002 at 12:04:25PM +0100, Hartmut Steffin wrote:
> port = is_cgi_installed("some.cgi");
> if(port)security_hole(port);
>
> does is_cgi_installed *really* return a *port*?! which ports does it check?
Yes it does. It connects to all the ports listed as "Services/www" in
the KB and recognized by find_services.nes, and tries to request the
aforementioned CGI.
> i came to this as i checked webserver_robot.nasl, as it proved to (not)
> report a "true positive" :-)
> we definitely have a /robots.txt here.
>
> thinking of it: earlier we found almost everywhere a "robots.txt". now
> for a long time we never heard about that from nessus. when was the last
> change to that script?
As you can see on http://cvs.nessus.org/ (that I invite you to visit
regularly or at least when you wonder which plugin has been modified,
and when and why), it was modified nine days ago to use a the new
http-related funcs of Nessus.
Looking at the modifications, I fail to understand why it would produce
a false negative in the past and a true one recently. Did you happen to
also upgrade your version of Nessus lately ?
-- Renaud
-
[EMAIL PROTECTED]: general discussions about Nessus.
* To unsubscribe, send a mail to [EMAIL PROTECTED] with
"unsubscribe nessus" in the body.
