Nessus

Re: Starting CGI Abuses scans on a subsite

To: nessus@nessus.org
Subject: Re: Starting CGI Abuses scans on a subsite
From: "George A. Theall" <theall@tenablesecurity.com>
Date: Thu, 16 Nov 2006 07:15:23 -0500
In-reply-to: <a4004e940611152006y3c5c5bb3m7b45a26a6375715a@mail.gmail.com>
List-archive: <http://mail.nessus.org/pipermail/nessus>
List-id: Discussion of Nessus software <nessus.list.nessus.org>
References: <a4004e940611152006y3c5c5bb3m7b45a26a6375715a@mail.gmail.com>

On Thu, Nov 16, 2006 at 11:06:51AM +0700, Steven Haryanto wrote:

> Can I configure Nessus to scan CGI Abuses (like vulnerabilities in
> Mambo, PHPBB, etc) on a subsite, e.g. www.host.com/sub1? The path
> "/sub1" might not be discoverable from the www.host.com, i.e. it has
> to be supplied by me for Nessus to know about it.

Maybe. There's a setting in the clients for the path to the CGIs (eg, on the "General" tab in NessusClient). If there's a page under "/sub1" that lists all the apps you want to test, then you just need to include "/sub1" in that setting. If there's no such page but you can enumerate the application paths, you can include those in the setting. If neither applies, you're out of luck.


George
--
theall@tenablesecurity.com