The mailing list for listmasters using Sympa

[Riccardo Veraldi <address@concealed>]

Yes I know about topics.conf and I have a customized one,
but there is no evidence of those strange topics in the file, so this is 
very weird to me...

thanks anyway

Riccardo


David Verdin wrote:
> Hi ricardo,
>
> The topics are defined in a config file: 
> https://www.sympa.org/manual_6.1/customizing#topics
>
> So I guess that one way or another, the nessus scan changed this file.
>
> Cheers,
>
> David
>
> Le 15/07/2010 12:38, Riccardo Veraldi a écrit :
> > Hello,
> >
> > after a nessus Scan my sympa server is showing strange topics strings 
> > in the topics home page like
> >
> > nessus
> > snoop
> > SnoopServlet
> > struts
> >
> >
> > I found these entries in the sympa database under logs_table.
> > I deleted them, and apparently everything was back to normality.
> >
> > Now after a few weeks these strange topics entries are appearing 
> > again and disappearing
> > upon a Reload in the browser of the main sympa page...
> > I am sure there is no cache in the browser.
> >
> > I have been searching everywhere and I Could not find any existence 
> > of the topics mentioned above
> > in the DB or elsewhere so I am unable to delete these topcis from the 
> > main sympa Home page.
> >
> > Any hints ?
> > Where wwsympa is reading those topics, and why prints them ?
> >
> >
> > Anyway Nessus is able to do a sort of SQL injection and write topics 
> > during a nessus SCAN on sympa.
> >
> > my sympa version is 6.0.1 on Centos 5.5
> >
> >
> > thank you very much
> >
> >
> >
> > Riccardo
>
> --
> David Verdin
> Comité réseau des universités
>
> Due to the limitations of human brain, I fail to remember all the mails.
> So if you want your bug reports or feature requests for Sympa to be 
> processed, please post them to the Sympa tracker 
> <https://sourcesup.cru.fr/tracker/?group_id=23>