[Openvas-discuss] GhostScripter Amazon Shop Multiple Vulnerabilities False possitive?

Juan José Pavlik Salles jjpavlik at gmail.com
Thu Aug 9 00:41:30 CEST 2012


Oh my god, my bad. I ran the test, to a different vm, i'm so sorry guys.
Won't happen again, thanks!

2012/8/8 Michael Meyer <michael.meyer at greenbone.net>

> *** Juan José Pavlik Salles wrote:
>
> > Then it's a false positive,
>
> The code doesn't look like it's prone to FPs.
>
> -----
> if (
>     ereg(pattern:"^HTTP/[0-9]\.[0-9] 200 .*", string:buf) &&
>     egrep(pattern:"<script>alert\(document\.cookie\);</script>", string:
> buf)
>   ) {
>        security_hole(port:port);
> -----
>
> > how can i report it to be checked??
>
> You already did. I can't see any problems in the NVT.
>
> Micha
>
> --
> Michael Meyer                            OpenPGP Key: 52A6EFA6
> http://www.greenbone.net/
> Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG
> Osnabrück, HR B 202460
> Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner
> _______________________________________________
> Openvas-discuss mailing list
> Openvas-discuss at wald.intevation.org
> http://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
>



-- 
Pavlik Juan José
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.wald.intevation.org/pipermail/openvas-discuss/attachments/20120808/41c07f60/attachment.html>


More information about the Openvas-discuss mailing list