| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 07 Jan 2010 12:00:33 +0000 From: mrx <mrx@...pergander.org.uk> To: full-disclosure@...ts.grok.org.uk Subject: Re: iiscan results -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Vincent, Although the actual results of the scan were displayed in English in the online html report, the suggested solutions were in fact in Chinese. Checking my access logs reveals multiple attempts of the same attack/probe, for example multiple identical POSTs to the same page: 216.18.22.46 - - [06/Jan/2010:11:33:01 +0000] "POST /properblog/wp-login.php HTTP/1.0" 200 2554 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727) NOSEC.JSky/1.0" There are around 100 entries identical to the above in my log. I don't know if this is by design or not but it does seem to be a little inefficient. I also noticed there were no attempts at information disclosure via the TRACE method, nor were any attempts made at SQL injection despite my selecting "all" in the scan options. Not that my site is vulnerable in any way ;-) Hope this helps regards mrx Vincent Chao wrote: > Thank you for your analysis. It really helps me. > > And I also found the PDF report mail to us is in Chinese, in the website of > iiScan, however, to see the report of html or PDF format is English (of > course can change to Chinese). > > -----Original Message----- > From: full-disclosure-bounces@...ts.grok.org.uk > [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of mrx > Sent: Wednesday, January 06, 2010 8:45 PM > To: full-disclosure@...ts.grok.org.uk > Subject: [Full-disclosure] iiscan results > > Well, this scanner managed to find a couple of low level vulnerabilities on > my site which were missed by both Nikto and Nessus. > > Two directories allowed a directory listing and a test.php file I created, > an information disclosure vulnerability, was also detected. My dumb > ass forgot to delete this "test.php" file after I finished testing the > server. > > Possible sensitive directories were also listed, however browsing to these > directories returned 403 errors, blank pages or a wordpress logon > prompt, which is what I expected. > > So all in all this scanner seems to do it's job well. At least for a LAMP > server running wordpress > > Of course I have addressed the vulnerabilities reported. > > My command of the Chinese language is limited to zero, so I cannot > understand the pdf report emailed to me nor the information within the web > based report. Hopefully the developers will address this language problem. > > regards > mrx > > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ - -- Mankind's systems are white sticks tapping walls. Thanks Roy http://www.propergander.org.uk -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEVAwUBS0XM4bIvn8UFHWSmAQIG9QgAr+sNvPzgo+HoimQ1xo/hzcSjT4zf6EsN sFkVxjg3yOZyFqnDDEo74YQyAIedSwNDwVKGXwTMgt+aENPCbQjfJNDPuWe1rJns ZzCwWTNuKnoqMKqJZM9lmwCc5pg/Bb88ztwxMbGXETsPW1kbIwsuuxVajWC+k+WW Q8LXngbLzaUD3htQ0Sl+pRPk5ezAF2krD6dhYNbTDQdW5RCyVHCMQ7x/ixYEgSaC AL80eWUo/GnAC36PDr9Vh1cCrETo9lM2z7YGKNr99776WyxCASrbY1pshx/IS2Ou GzCz60bXLWsf0ZiSuUZJG5IWN20NFkkSgv+xz2uR96kq+p6Q8QNXyQ== =XI+8 -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists