Nessus

Re: nessus plugin id 14685

To: Muhaimin Bin Dzulfakar <muhaimin.dzulfakar@extol.com.my>
Subject: Re: nessus plugin id 14685
From: "George A. Theall" <theall@tenablesecurity.com>
Date: Sat, 09 Dec 2006 08:22:35 -0500
Cc: nessus@list.nessus.org, "Steven M. Christey" <coley@mitre.org>, moderators@osvdb.org

On Sat, Dec 09, 2006 at 11:07:33AM +0800, Muhaimin Bin Dzulfakar wrote:

> I found a vulnerability with plugin id 14685 which is equal to
> CVE-2004-1665. The plugin shows that it checks on index.php for cross
> site scripting

Right. Look at the original advisory:

  http://archives.neohapsis.com/archives/bugtraq/2004-09/0066.html

It shows exploits that work through index.php.

> but from the vendor site,
> http://psnews.sourceforge.net/, you can find all the source code is
> coded with ASP.

The original advisory doesn't actually specify the vendor, only the product name. I suspect one of the vulnerability databases assumed incorrectly that the vendor was http://psnews.sourceforge.net/ and the others copied that information without verifying it, as Bugtraq / OSVDB / CVE / SecurityTracker / etc. all reference that. If you search for sites with "Powered by PsNews", though, you'll turn up a lot of Polish sites that use something called PsNews from IMPSystems, http://www.imps.pl/. And if you explore them, you'll see they use PHP as well as the same parameter arguments as in the original advisory; e.g.,

  http://free.of.pl/t/toxnews/index.php?function=add_kom&no=44


George
--
theall@tenablesecurity.com