[Nikto-discuss] Oh Dear!
David Klein
davidkl at ivision.com.au
Tue Sep 29 06:44:04 UTC 2009
Hi David,
Thanks for the reply, it was version 2.1.0 and I have melted the box.
I will let you know if I can get Nikto on a machine again shortly to
test it.
Regards,
David Klein
-----Original Message-----
From: David Lodge [mailto:dave at cirt.net]
Sent: Tuesday, September 29, 2009 4:30 PM
To: David Klein
Cc: nikto-discuss at attrition.org
Subject: Re: [Nikto-discuss] Oh Dear!
On Tue, 2009-09-29 at 13:15 +1000, David Klein wrote:
> Integer overflow in hexadecimal number at
> /pentest/scanners/nikto/plugins/nikto_headers.plugin line 203, <IN>
line
> 279.
That's really not good - which version are you using? According to the
latest 2.1.0, that line is:
$reportnum++;
Which has the potential to overflow, but only if something has gone
really pear shaped. And chance of a -D d dump of this session (or at
least see the headers it produces for a GET /)
Ta
dave
More information about the Nikto-discuss
mailing list