The mailing list for listmasters using Sympa

[David Verdin <address@concealed>]

Hi ricardo,

The topics are defined in a config file: https://www.sympa.org/manual_6.1/customizing#topics

So I guess that one way or another, the nessus scan changed this file.

Cheers,

David

Le 15/07/2010 12:38, Riccardo Veraldi a écrit :

address@concealed">
Hello,

after a nessus Scan my sympa server is showing strange topics strings in the topics home page like

nessus
snoop
SnoopServlet
struts


I found these entries in the sympa database under logs_table.
I deleted them, and apparently everything was back to normality.

Now after a few weeks these strange topics entries are appearing again and disappearing
upon a Reload in the browser of the main sympa page...
I am sure there is no cache in the browser.

I have been searching everywhere and I Could not find any existence of the topics mentioned above
in the DB or elsewhere so I am unable to delete these topcis from the main sympa Home page.

Any hints ?
Where wwsympa is reading those topics, and why prints them ?


Anyway Nessus is able to do a sort of SQL injection and write topics during a nessus SCAN on sympa.

my sympa version is 6.0.1 on Centos 5.5


thank you very much



Riccardo

--
David Verdin
Comité réseau des universités

Due to the limitations of human brain, I fail to remember all the mails.
So if you want your bug reports or feature requests for Sympa to be processed, please post them to the Sympa tracker