Package: nikto / 1:2.1.5-3.1

Metadata

Package Version Patches format
nikto 1:2.1.5-3.1 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
01path.patch | (download)

nikto.conf | 12 6 + 6 - 0 !
nikto.pl | 7 3 + 4 - 0 !
2 files changed, 9 insertions(+), 10 deletions(-)

---
02_fix_libwhisker_anti_ids.patch | (download)

plugins/nikto_core.plugin | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

---
03_no_init_ssl.patch | (download)

nikto.conf | 9 0 + 9 - 0 !
nikto.pl | 3 0 + 3 - 0 !
2 files changed, 12 deletions(-)

---
e759b3300aace5314fe3d30800c8bd83c81c29f7.patch | (download)

plugins/nikto_outdated.plugin | 2 1 + 1 - 0 !
plugins/nikto_report_csv.plugin | 29 19 + 10 - 0 !
2 files changed, 20 insertions(+), 11 deletions(-)

 [patch] fix csv injection issue if server responds with a malicious
 Server string & CSV output is opened in Excel or other spreadsheet app.
 Potentially malicious cell start characters are now prefaced with a ' mark.
 Thanks to Adam (@bytesoverbombs) for letting me know!

Also fixed a crash in the outdated plugin if the $sepr field ends up being something that triggers a panic in split().