While running a full scan against a Linux appliance device called Velocity
from Fineground Networks, the my_little_forum_xss.nasl plugin reported an XSS
issue on port 8083.  There's not a lot of info in the output, so I checked
the script and I think this is the string used to verify the XSS issue:

http://hostname:8083/cgi-bin/forum/email.php?forum_contact=";><script>foo</script>

Nessus did not identify any other CGI directories and I think "cgi-bin" is
used by default in that case.  I've used this manually (also with
<script>alert("foo");</script> to get a popup instead) and I think this is a
false positive.  The web server does return the string, but it is in the
HTTP header, not the web document (as far as I can tell).  Here's an
Ethereal decode of the request and reply:

[From my client to the victim:]
GET /forum/email.php?forum_contact=<script>foo</script> HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)
Host: hostname:8083
Connection: Keep-Alive

[Reply from victim:]
HTTP/1.0 404 Resource not found:forum/email.php?forum_contact=<script>foo</script>
Content-Length: 0
Content-Type: text/html

I don't think that's an XSS and I'm pretty sure they don't have My Little
Forum on there.

Thanks,
Owen
_______________________________________________
Nessus mailing list
[EMAIL PROTECTED]
http://mail.nessus.org/mailman/listinfo/nessus
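
The triage step Owen describes by hand (checking whether the echoed marker lands in the status line or headers rather than in an HTML body) can be scripted. The following is an added example, not code from the original message or from the Nessus plugin; the two raw responses in it are constructed samples, the first modelled on the captured 404 reply above and the second a made-up reply where the same marker is echoed inside an HTML body, so the classifier's two outcomes can be compared.

```python
"""Classify where a scanner's reflection marker appears in a raw HTTP reply.

A marker echoed in the status line or in a header is not rendered as HTML by
the browser, so it is normally a scanner false positive; a marker echoed
inside a text/html body is a candidate finding that deserves a manual look.
"""
from typing import Dict, Tuple

# The marker string the plugin looks for (taken from the message above).
PROBE = "<script>foo</script>"

# Constructed sample, modelled on the captured reply: the marker is echoed
# only in the 404 reason phrase and the body is empty (Content-Length: 0).
SAMPLE_STATUS_LINE_ECHO = (
    "HTTP/1.0 404 Resource not found:forum/email.php?forum_contact="
    "<script>foo</script>\r\n"
    "Content-Length: 0\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
)

# Constructed counter-example (hypothetical server): the same marker is
# echoed unescaped inside an HTML document, which is what a genuine
# reflected-XSS finding looks like in a capture.
SAMPLE_BODY_ECHO = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Content-Length: 55\r\n"
    "\r\n"
    "<html><body>Contact: <script>foo</script></body></html>"
)


def split_response(raw: str) -> Tuple[str, Dict[str, str], str]:
    """Split a raw HTTP response into (status line, headers, body).

    Header names are lower-cased so lookups are case-insensitive.
    Accepts both CRLF and bare LF separators, as pasted captures often
    lose the carriage returns.
    """
    head, sep, body = raw.partition("\r\n\r\n")
    if not sep:
        head, sep, body = raw.partition("\n\n")
    lines = head.splitlines()
    status_line = lines[0] if lines else ""
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status_line, headers, body


def classify_reflection(raw: str, probe: str = PROBE) -> Dict[str, object]:
    """Report where the probe is echoed and give a triage verdict.

    Verdict is "candidate-xss" only when the probe sits in the body of a
    text/html response; any other reflection is labelled "false-positive"
    from an XSS standpoint (the header echo may still be worth noting
    separately, but it is not what the XSS plugin is testing for).
    """
    status_line, headers, body = split_response(raw)
    in_status_line = probe in status_line
    in_headers = any(probe in value for value in headers.values())
    in_body = probe in body
    content_type = headers.get("content-type", "").lower()
    is_html = content_type.startswith("text/html")
    verdict = "candidate-xss" if (in_body and is_html) else "false-positive"
    return {
        "in_status_line": in_status_line,
        "in_headers": in_headers,
        "in_body": in_body,
        "html_body": is_html and len(body) > 0,
        "verdict": verdict,
    }


if __name__ == "__main__":
    for label, sample in (("captured 404", SAMPLE_STATUS_LINE_ECHO),
                          ("body echo", SAMPLE_BODY_ECHO)):
        print(label, classify_reflection(sample))
```

Running the module prints the classification for both samples: the captured 404 reply is reported as a status-line echo with no HTML body and a false-positive verdict, while the constructed body echo is flagged as a candidate. When pasting a capture from Ethereal or a proxy, keep the blank line between headers and body intact, since that separator is what `split_response` keys on.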
