You can always re-scan with just these plugins, and packet capture, for analysis. Can be useful. With that said:
11760: Pod.Board Forum_Details.PHP Cross Site Scripting -- is this package on the server in question? That's usually the first place I start -- do I have the package installed that has the flaw. If I do -- typically the report will indicate the string that was used: append that to the URL sent to the board. Try it out yourself, and see if you get the same results. In a packet capture -- if you get the test string back in the response anywhere from the server, that's an issue. 11694: Do you have either of the executables mentioned on the target system? nph-psa.exe and nph-psf.exe ? Are you behind in the version of psynch? That's what I'd like for.... 15908: Apache Jakarta Cross-Site Scripting Vulnerability -- same as 11760. First Last <[EMAIL PROTECTED]> Sent by: [EMAIL PROTECTED] 12/13/2007 12:59 PM To [email protected] cc Subject Validation How do you validate vulnerabilities Nessus finds? I've been working with a server for awhile that all of the sudden supposedly has a bunch of vulnerabilities. Below are a few of the ID's. How do I validate that the vulnerability exists or not? Nessus ID : 11760 Nessus ID : 11694 Nessus ID : 15908 Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now._______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
<<image/gif>>
_______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
