
Adding a CGI vulnerability check

When creating new CGI vulnerability checks, you do not need to create a VB or SSH script. In fact, the scanning functionality of CGI checks is configurable through the options included in the check properties dialog.

Screenshot 133 - Creating a CGI vulnerability check

To create a new CGI vulnerability check:

1. Go to the Configuration > Scanning Profiles > CGI Scanning node.

2. From the right pane, click on the Vulnerabilities tab.

3. From the middle pane, select the CGI Abuses node.

4. Click on the Add button. This will bring up the new CGI vulnerability check dialog.

Screenshot 134 - The new CGI vulnerabilities check dialog

5. Specify the basic details of this vulnerability check such as the name, short description, security level, and BugtraqID/URL (if applicable). Optionally, you can also specify how long the check takes to execute.

6. In the `Trigger condition' area of the dialog, specify the following parameters:

  • `HTTP method' - Specify the type of HTTP request that the CGI vulnerability check will use when querying information. CGI vulnerability checks support two HTTP methods: the `GET method' and the `HEAD method'.
  • `To check for the URL:' - Specify the name of the CGI script that will be executed during target computer scanning.
  • `Under the Directories:' - Specify the directories where the CGI script is located.
  • `Return String' - Specify the expected result string. GFI LANguard N.S.S. determines whether this check is successful by comparing the specified return string to the text in the check results. This text comparison is carried out using specific conditions which are set by selecting one of the following options:
    • `Contains any text' - Select this option if you want the check to be successful when any part of the specified string is present in the check results.
    • `Contains the text' - Select this option if you want the check to be successful ONLY when the specified string is entirely present in the check results.
    • `Contains the text' - Select this option if you want the check to be successful ONLY when the specified string is NOT present in the check results.

7. Click on OK to save the configuration settings.

NOTE: To automatically include new checks in the next target computer scan, click on the Advanced button and set the `New vulnerabilities are enabled by default' option to `Yes'.
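
The trigger condition from step 6, modelled as an added example (not GFI code and not part of the original manual): it evaluates a check offline against constructed responses. How the product joins directory and script name, and which response text it compares, are assumptions here; only the "present" and "NOT present" conditions are modelled.

```python
from dataclasses import dataclass

# Constructed sample site: path -> (status line, headers, body). Not real scan data.
SITE = {
    "/cgi-bin/test-cgi": ("HTTP/1.1 200 OK", "Content-Type: text/plain",
                          "CGI/1.0 test script report:\nSERVER_SOFTWARE = demo"),
}
NOT_FOUND = ("HTTP/1.1 404 Not Found", "Content-Type: text/html", "<h1>Not Found</h1>")


def fetch(method, path):
    """Return the text a check would see; a HEAD response carries no body."""
    status, headers, body = SITE.get(path, NOT_FOUND)
    parts = [status, headers] if method == "HEAD" else [status, headers, "", body]
    return "\n".join(parts)


@dataclass
class CgiCheck:
    method: str                # 'HTTP method': "GET" or "HEAD"
    script: str                # 'To check for the URL'
    directories: list          # 'Under the Directories'
    return_string: str         # 'Return String'
    must_contain: bool = True  # False models the "string is NOT present" condition

    def urls(self):
        # Assumption: each directory is joined with the script name.
        return [d.rstrip("/") + "/" + self.script.lstrip("/") for d in self.directories]

    def triggered(self, text):
        found = self.return_string in text
        return found if self.must_contain else not found


def run(check):
    """Return the URLs for which the trigger condition is met."""
    return [u for u in check.urls() if check.triggered(fetch(check.method, u))]


if __name__ == "__main__":
    dirs = ["/cgi-bin", "/scripts"]
    body_text = "CGI/1.0 test script report"
    print(run(CgiCheck("GET", "test-cgi", dirs, body_text)))
    print(run(CgiCheck("HEAD", "test-cgi", dirs, body_text)))
    print(run(CgiCheck("HEAD", "test-cgi", dirs, "200 OK")))
    print(run(CgiCheck("GET", "test-cgi", dirs, "Access denied", must_contain=False)))
```

Two things to watch when writing a real check: with HEAD only the status line and headers are available, so a return string taken from the page body never matches, and a "NOT present" condition is also met by a 404 for a script that does not exist (the last call reports both directories).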

