Case Study: Microsoft FrontPage XSS

1    #2    # This script was written by Renaud Deraison 3    #4    # See the Nessus Scripts License for details5    #6    7    if(description)8    { 9    script_id(11395);10   script_bugtraq_id(1594, 1595);11   script_version ("$Revision: 1.10 $");12   script_cve_id("CVE-2000-0746");13

The description block begins on line 7, with the Nessus ID being set on line 9. There are two associated Bugtraq IDs, which are registered and separated by commas on line 10. The script revision is 1.10 and is set on line 11.

14   name["english"] = "Microsoft Frontpage XSS";15   script_name(english:name["english"]);16   17   desc["english"] = "18   The remote server is vulnerable to Cross-Site-Scripting (XSS)19   when the FrontPage CGI /_vti_bin/shtml.dll is fed with improper20   arguments.21   22   Solution : See http://www.microsoft.com/technet/security/bulletin/ms00-060.mspx23   Risk factor : Medium";24   25   26   27   script_description(english:desc["english"]);28   29   summary["english"] = "Checks for the presence of a Frontpage XSS";30   script_summary(english:summary["english"]);31

Lines 14 and 15 register the English name of the vulnerability check. There is a brief description that is registered on lines 17 through 27. A summary is included on lines 29 and 30.

32   script_category(ACT_GATHER_INFO);33   34   <a name="1305"></a><a name="beginpage.32E18C0E-16EB-42CD-A9D4-5BD52676465A"></a>

On line...

< Previous Excerpt Next Excerpt >

Penetration Tester's Open Source Toolkit

TABLE OF CONTENTS

Case Study: Microsoft FrontPage XSS

Contact Preferences

This is embarrasing...

Customize Your GlobalSpec Experience

Select Your Free Newsletters

Industry Newsletters

Select Your Free Product Alerts

This is embarrasing...