DCShop Plugin

[Mike.Vasquez@cityofmesa.org]

I'm trying to track down some information
regarding a DCShop vulnerability to attempt to resolve the source of a
false positive I'm seeing.

A 3rd party scan returned this result:
"We detected a vulnerable version
of the DCShop CGI. This
version does not properly protect user
and credit card
information. It is possible to access
files that contain
administrative passwords, current and
pending
transactions and credit card information
(along with name,
address, etc)."

I have a Nessus 3.0 install on a windows
server.  There is no sign of a dcshop plugin.  Googling found:
http://mail.nessus.org/pipermail/nessus-cvs/2003-April/msg00131.html -
"dcshop_information_disclosure.nasl"

I have definitely updated my plugins,
but I do not see this particular plugin anywhere.  My install was
done last week and I have over 14,000 files in the scripts folder, but
nothing with "dcshop".

So, is this an older / retired / bad
plugin?  Or is it incompatible with 3.0?  I download the linux
plugins package for 2.x (nessus-plugins-2.2.9.tar.gz) and nothing "dcshop"
seems to be in there, either.  so any information appreciated.

Thanks,

Mike Vasquez

_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus