On Thu, Nov 16, 2006 at 11:06:51AM +0700, Steven Haryanto wrote:
> Can I configure Nessus to scan CGI Abuses (like vulnerabilities in Mambo, PHPBB, etc.) on a subsite, e.g. www.host.com/sub1? The path "/sub1" might not be discoverable from www.host.com, i.e. it has to be supplied by me for Nessus to know about it.

Maybe. There's a setting in the clients for the path to the CGIs (e.g., on the "General" tab in NessusClient). If there's a page under "/sub1" that lists all the apps you want to test, then you just need to include "/sub1" in that setting. If there's no such page but you can enumerate the application paths, you can include those in the setting. If neither applies, you're out of luck.

George
