*** insight labs <[email protected]> wrote: > i have a problem about openvas inspecting web vulnerability ,for my manual > testing i think this issue is a gsad transform domain to ip > for example: > enable (phpMyAdmin Setup $host Variable Cross Site Scripting Vulnerability) > rules > > Actually we know it rules inspect the phpmyadmin vulnerability, but my > hosting is a virtual machine (have many domain running on the one ip) > > assume our hosting is virtual,so if inspect below > http://127.0.0.1/phpmyadmin --> not found phpmyadmin > http://www/phpmyadmin ---> found phpmyadmin
GSA -> Scan Configs -> Edit Scan Config -> vhosts: host1.com,host2.com,host3.com <- No whitespaces! vhosts_ip: 127.0.0.1 Target IP must be the same as vhosts_ip. HTH Micha -- Michael Meyer OpenPGP Key: 52A6EFA6 http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner _______________________________________________ Openvas-discuss mailing list [email protected] http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
