Date: Thu, 7 Jan 2010 09:49:57 +0800
From: "Vincent Chao" <zwell.nosec@...il.com>
To: "'mrx'" <mrx@...pergander.org.uk>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: iiscan results

Thank you for your analysis. It really helps me.

I also found that the PDF report mailed to us is in Chinese; on the iiScan
website, however, the report viewed in HTML or PDF format is in English (of
course, it can be changed to Chinese).

-----Original Message-----
From: full-disclosure-bounces@...ts.grok.org.uk
[mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of mrx
Sent: Wednesday, January 06, 2010 8:45 PM
To: full-disclosure@...ts.grok.org.uk
Subject: [Full-disclosure] iiscan results

Well, this scanner managed to find a couple of low level vulnerabilities on
my site which were missed by both Nikto and Nessus.

Two directories allowed a directory listing and a test.php file I created,
an information disclosure vulnerability, was also detected. My dumb
ass forgot to delete this "test.php" file after I finished testing the
server.

Possible sensitive directories were also listed, however browsing to these
directories returned 403 errors, blank pages or a wordpress logon
prompt, which is what I expected.

So all in all this scanner seems to do its job well. At least for a LAMP
server running wordpress.

Of course I have addressed the vulnerabilities reported.

My command of the Chinese language is limited to zero, so I cannot
understand the pdf report emailed to me nor the information within the web
based report. Hopefully the developers will address this language problem.

regards
mrx


- --
Mankind's systems are white sticks tapping walls.
Thanks Roy
http://www.propergander.org.uk

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
