bug in script #11807
Allan Zhang
zhangliangsd at hotmail.com
Thu Jan 6 22:20:06 EST 2005
The easiest way to fix this pattern is to get rid of the "*". See below:
if(ereg(pattern:".*PHP/4\.3\.[0-2][^0-9]", string:serv))
bug
----- Original Message -----
From: Marcin Gryszkalis <mg at fork.pl>
To: nessus at list.nessus.org
Sent: January 1, 2005 7:01 PM
Subject: bug in script #11807
I'm not sure if it's the right place to report this, but script #11807
(php_4_3_x_safe_mode_include.nasl) reports false positives. It checks
for PHP < 4.3.3, but the regexp is wrong:
if(ereg(pattern:".*PHP/4\.3\.[0-2][^0-9]*", string:serv))
and 4.3.10 matches the pattern. It should be something like
if(ereg(pattern:".*PHP/4\.3\.[0-2]([^0-9]|$)", string:serv))
but the syntax depends on type of regex library.
regards
--
Marcin Gryszkalis
jabber jid:mg at chrome.pl, gg:2532994
http://the.fork.pl
PGP 0x9F183FA3
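Added example, not part of either message and not Nessus plugin code: the three patterns from the thread run against constructed Server banners, next to a numeric version comparison that goes beyond what the thread proposes. Python's `re` stands in for NASL's `ereg` (the patterns use only constructs common to both), and whether the real plugin's banner string ends right after the version or carries a trailing line ending is an assumption about the caller.

```python
import re

# The three patterns from the thread, copied verbatim.
PATTERNS = {
    "original":   r".*PHP/4\.3\.[0-2][^0-9]*",       # reported as buggy
    "drop_star":  r".*PHP/4\.3\.[0-2][^0-9]",        # reply: remove the "*"
    "alt_or_eol": r".*PHP/4\.3\.[0-2]([^0-9]|$)",    # reporter's suggestion
}

# Constructed banners (not from real hosts). True = PHP 4.3.0 to 4.3.2.
BANNERS = [
    ("Server: Apache/1.3.27 (Unix) PHP/4.3.2 mod_ssl/2.8.14", True),
    ("Server: Apache/1.3.27 (Unix) PHP/4.3.2", True),   # version ends the string
    ("Server: Apache/1.3.33 (Unix) PHP/4.3.10", False),
    ("Server: Apache/1.3.33 (Unix) PHP/4.3.10 mod_ssl/2.8.22", False),
    ("Server: Apache/1.3.28 (Unix) PHP/4.3.3", False),
]

def flagged(pattern, banner):
    """True if the regex-based check would report the banner."""
    return re.search(pattern, banner) is not None

def flagged_numeric(banner):
    """Hypothetical alternative: parse the version and compare integers."""
    m = re.search(r"PHP/(\d+)\.(\d+)\.(\d+)", banner)
    if m is None:
        return False
    major, minor, patch = (int(x) for x in m.groups())
    # Same scope as the regexes: only the 4.3 branch, patch level below 3.
    return (major, minor) == (4, 3) and patch < 3

def misclassified(check):
    """Banners where the check disagrees with the expected verdict."""
    return [b for b, vulnerable in BANNERS if check(b) != vulnerable]

def report():
    """Map each check name to the banners it gets wrong."""
    out = {name: misclassified(lambda b, p=p: flagged(p, b))
           for name, p in PATTERNS.items()}
    out["numeric"] = misclassified(flagged_numeric)
    return out

if __name__ == "__main__":
    for name, wrong in report().items():
        print(f"{name:11} wrong on {len(wrong)}: {wrong}")
```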