bug in script #11807

Marcin Gryszkalis mg at fork.pl
Sat Jan 1 19:01:21 EST 2005


I'm not sure if it's the right place to report this, but script #11807
(php_4_3_x_safe_mode_include.nasl) reports false positives. It checks
for PHP < 4.3.3, but the regexp is wrong:

if(ereg(pattern:".*PHP/4\.3\.[0-2][^0-9]*", string:serv))

and 4.3.10 matches the pattern. It should be something like
if(ereg(pattern:".*PHP/4\.3\.[0-2]([^0-9]|$)", string:serv))
but the syntax depends on the type of regex library.

regards
-- 
Marcin Gryszkalis
jabber jid:mg at chrome.pl, gg:2532994
http://the.fork.pl
PGP 0x9F183FA3
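
Added example (not part of the original post and not Nessus plugin code): the two patterns from the message, run over constructed Server banners in Python, whose regex semantics agree with POSIX ERE for these two patterns, next to a numeric tuple comparison that does not depend on the regex dialect. The banners, the function names and the tuple check are assumptions made for illustration.

```python
import re

# Patterns from the post, as Python regexes (NASL's ereg() uses POSIX ERE;
# these two patterns mean the same in both dialects).
ORIGINAL = re.compile(r".*PHP/4\.3\.[0-2][^0-9]*")
PROPOSED = re.compile(r".*PHP/4\.3\.[0-2]([^0-9]|$)")

# Dialect-independent alternative (assumption, not from the post):
# extract the numeric version and compare it as a tuple.
VERSION = re.compile(r"PHP/(\d+)\.(\d+)\.(\d+)")
FIXED_IN = (4, 3, 3)  # the plugin flags PHP < 4.3.3, per the post


def flagged_by(pattern, banner):
    """True if the plugin-style regex check would report this banner."""
    return pattern.search(banner) is not None


def flagged_by_version(banner):
    """True only for a 4.3.x release older than 4.3.3."""
    m = VERSION.search(banner)
    if not m:
        return False
    version = tuple(int(part) for part in m.groups())
    return version[:2] == (4, 3) and version < FIXED_IN


# Constructed sample Server banners (not captured from real hosts).
BANNERS = [
    "Apache/1.3.29 (Unix) PHP/4.3.2",
    "Apache/1.3.33 (Unix) PHP/4.3.10",
    "Apache/1.3.29 (Unix) PHP/4.3.1 mod_ssl/2.8.16",
    "Apache/1.3.28 (Unix) PHP/4.3.3",
    "Apache/1.3.31 (Unix) PHP/4.3.2-RC1",
]


def compare(banners=BANNERS):
    """Return (banner, original, proposed, tuple_check) for each banner."""
    return [(b, flagged_by(ORIGINAL, b), flagged_by(PROPOSED, b),
             flagged_by_version(b)) for b in banners]


if __name__ == "__main__":
    for banner, orig, prop, ver in compare():
        print(f"{banner:47} original={orig!s:5} proposed={prop!s:5} tuple={ver}")
```

Only the 4.3.10 banner differs between the columns: the original pattern flags it because `[^0-9]*` can match zero characters, while the proposed pattern and the tuple comparison do not.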


