Port 443 and xss
ian acces
ian at acces.co.jp
Mon Apr 4 20:19:43 EDT 2005
George,
Thanks for the reply.
> I suspect you're basing your statement on seeing a NASL
> statement such as "script_require_ports("Services/www",
> 80);" in the source.
That's correct. That's what I did.
> This doesn't mean that the plugin
> should only run against port 80 but rather that, if optimize
> mode is enabled, the script will run only if port 80 ***or a
> port identified as running a web service*** is open.
Thank you for that information.
> Also, have
> you tried actually running the plugins in question against a
> target with a web server on port 443?
Yes, we have but at the time possibly only static html pages with no input
fields were being served, hence the total lack of any xss alerts.
Ian Masters
More information about the Nessus
mailing list