for example: my domain is www.test.com in 127.0.0.1, but 127.0.0.1 is a virtual host which has serve many domain,so it is impossible to correct and inspect the phpmyadmin vulnerability beacuse openvas always tranform hostname to ip
and i just did some research and found some interesting results. if i add the Preferences setting "reverse_lookup = > yes" within openvassd.conf, it can correctly find the vuln,so what's the reason? 2012/1/11 Juan José Pavlik Salles <[email protected]> > What's your target hostname? 127.0.0.1 or www? > > 2012/1/10 insight labs <[email protected]> > >> Hello folks, >> i have a problem about openvas inspecting web vulnerability ,for my >> manual testing i think this issue is a gsad transform domain to ip >> for example: >> enable (phpMyAdmin Setup $host Variable Cross Site Scripting >> Vulnerability) >> rules >> >> Actually we know it rules inspect the phpmyadmin vulnerability, but my >> hosting is a virtual machine (have many domain running on the one ip) >> >> assume our hosting is virtual,so if inspect below >> http://127.0.0.1/phpmyadmin --> not found phpmyadmin >> http://www/phpmyadmin ---> found phpmyadmin >> >> does someone encountered this problem ? and how to reslove? >> >> Thanks >> >> _______________________________________________ >> Openvas-discuss mailing list >> [email protected] >> http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss >> >> > > > -- > Pavlik Juan José >
_______________________________________________ Openvas-discuss mailing list [email protected] http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
