On the 404, it just seems that my scans have been triggering this plugin a lot lately. When I go to validate, the server does usually have a 404 page.
Maybe I'm missing something in my XSS testing. Below is a list of triggered plugins: Port 8080 No 404 Check - ID 10386 Pod.Board Forum_Details.PHP Cross Site Scripting - 11760 P-Synch multiple issues - 11694 Apache Jakarta Cross-Site Scripting Vulnerability - 15908 SWsoft Plesk Reloaded Cross Site Scripting Vulnerability - 14369 Faq-O-Matic fom.cgi XSS - 15540 UseModWiki Cross-Site Scripting - 15967 DCP-Portal XSS - 11446 ezPublish Cross Site Scripting Bugs - 11449 PhotoADay Cross-Site Scripting Vulnerability - 14357 Goollery Multiple XSS - 15717 TMax Soft Jeus Cross Site Scripting - 11764 testcgi.exe Cross Site Scripting - 11610 PHP-CSL Cross Site Scripting Vulnerability - 14368 pmachine cross site scripting - 11766 Neoteris IVE XSS - 11608 ASP Portal XSS - 12057 PsNews XSS - 14685 ----- Original Message ---- From: George A. Theall <[EMAIL PROTECTED]> To: [email protected] Sent: Thursday, December 13, 2007 4:17:24 PM Subject: Re: Validation On 12/13/07 16:11, First Last wrote: > The server does not have XSS issues, so that's why I was questioning > these plugins. It would be useful then to see a packet capture of running those plugins against the affected port(s). Each of those plugins apparently saw the Javascript they sent in response packets. > Especially since this scan generated about 10 different > vulnerabilities with about 10 different apps. What vulnerabilities beyond the three you already mentioned? > Side note * No 404 Check was triggered but > false positive... I find this a lot. Would you explain or provide an example? If it's really an issue, I'd like to try to correct it. > Another point I should mention that my be throwing Nessus a loop... > these vulnerabilities are not on port 80, but 8080,8081, and 8082. Nessus shouldn't care. George -- [EMAIL PROTECTED] _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus ____________________________________________________________________________________ Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ
_______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
