Hi,
I'm having a trouble with $SUBJ$ plugin. Plugin is launched in regular
scan ( safechecks disabled, auto dependencies enabled ). Target is
running WinXP build 2600, ENG, SP2. Plugin triggers an alert, but host
is NOT vulnerable - I tested it with Metasploit Framework.
I strongly suspect this if condition :
if (egrep(pattern:".*The remote procedure call failed*", string: r) ||
# First match fails on localized Windows
("HTTP/1.1 500 Server Error" >< r && "<html><head><title>Error</title>" >< r))
security_hole(port);
when I tried to exploit the hole manually I got following output :
host:/boot # telnet target 80
Trying target...
Connected to target.
Escape character is '^]'.
GET /_vti_bin/_vti_aut/fp30reg.dll?<a lot of aaaaaa here> HTTP/1.0
HTTP/1.1 500 Server Error
Server: Microsoft-IIS/5.1
Date: Thu, 24 Feb 2005 12:31:01 GMT
Content-Type: text/html
Content-Length: 100
<html><head><title>Error</title></head><body>The specified module
could not be found. </body></html>Connection closed by foreign host.
Any suggestions are welcome.
Regards,
--
Pavol "][ce" Oetter
_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus
