[Openvas-commits] r3146 - in trunk/openvas-plugins: . scripts

scm-commit@wald.intevation.org scm-commit at wald.intevation.org
Mon Apr 20 23:27:26 CEST 2009


Author: edjenguele
Date: 2009-04-20 23:27:24 +0200 (Mon, 20 Apr 2009)
New Revision: 3146

Modified:
   trunk/openvas-plugins/ChangeLog
   trunk/openvas-plugins/scripts/remote-detect-ApacheOfbiz.nasl
Log:
Minor changes, modified request, added a loop
to check for additional OFBiz modules
TODO: detect version
TODO: default login/password vulnerability test


Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog	2009-04-20 12:33:23 UTC (rev 3145)
+++ trunk/openvas-plugins/ChangeLog	2009-04-20 21:27:24 UTC (rev 3146)
@@ -1,3 +1,8 @@
+2009-04-20 Christian Eric Edjenguele <christian.edjenguele at owasp.org>
+	* scripts/remote-detect-ApacheOfbiz.nasl:
+	Minors changes, modified request, added a loop
+	to check for additional OFBiz modules
+
 2009-04-20 Chandrashekhar B <bchandra at secpod.com>
 	* scripts/gb_phpmyadmin_mult_vuln_apr09.nasl,
 	scripts/gb_wireshark_mult_vuln_apr09_lin.nasl,

Modified: trunk/openvas-plugins/scripts/remote-detect-ApacheOfbiz.nasl
===================================================================
--- trunk/openvas-plugins/scripts/remote-detect-ApacheOfbiz.nasl	2009-04-20 12:33:23 UTC (rev 3145)
+++ trunk/openvas-plugins/scripts/remote-detect-ApacheOfbiz.nasl	2009-04-20 21:27:24 UTC (rev 3146)
@@ -72,41 +72,35 @@
 
 port = 8443;
 
-request = string(
-    "GET /webtools/control/main", " HTTP/1.0\r\n",
-    "Host: ", get_host_name(), "\r\n\r\n",
-    "User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.8) Gecko/2009032711 Ubuntu/8.10 (intrepid) Firefox/3.0.8\r\n",
-    "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n",
-    "Accept-Encoding: gzip,deflate\r\n",
-    "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\n",
-    "Accept-Language: en-us,en;q=0.5\r\n",
-    "Content-Lenght: 16000\r\n",
-    "Keep-Alive: 300\r\n",
-    "Connection: keep-alive\r\n\r\n"
-    );
+# Additional modules are also available
+modules = make_list('accounting/control/main','partymgr/control/main','webtools/control/main','ordermgr/control/main');
+report = '';
+response = '';
 
+foreach module (modules){
+	request = string("GET /", module, " HTTP/1.0\r\n","Host: ", get_host_name(), "\r\n\r\n");
 
-reply = https_req_get(port, request);
+	reply = https_req_get(port, request);
 
-response = tolower(reply);
-report = '';
+	response = tolower(reply);
 
-servletContainer = eregmatch(pattern:"Server: Apache-Coyote/([0-9.]+)",string:response, icase:TRUE);
-ofbizTitlePattern = eregmatch(pattern:"<title>([a-zA-Z: ]+)</title>",string:response, icase:TRUE);
-# TODO: also grab ofbiz version
+	servletContainer = eregmatch(pattern:"Server: Apache-Coyote/([0-9.]+)",string:response, icase:TRUE);
+	ofbizTitlePattern = eregmatch(pattern:"<title>([a-zA-Z: ]+)</title>",string:response, icase:TRUE);
+	# TODO: also grab ofbiz version
 
-if(ofbizTitlePattern){
-	if('ofbiz' >< ofbizTitlePattern[1])
-		report += "Detected Apache Open For Business Home Page Title[" + ofbizTitlePattern[1] +"]";
-		set_kb_item(name:"ApacheOFBiz/installed", value:TRUE);
-		# TODO: set ofbiz version
+	if(ofbizTitlePattern){
+		if('ofbiz' >< ofbizTitlePattern[1]){
+			report += "Detected Apache Open For Business Module[" + ofbizTitlePattern[1] +"]";
+			replace_or_set_kb_item(name:"ApacheOFBiz/installed", value:TRUE);
+			# TODO: set ofbiz version
 
-		if((servletContainer)){
-			set_kb_item(name:"ApacheCoyote/installed", value:TRUE);
-			set_kb_item(name:"ApacheCoyote/version", value:servletContainer[1]);
-			report += "\n" + servletContainer[0];
+			if((servletContainer)){
+				replace_or_set_kb_item(name:"ApacheCoyote/installed", value:TRUE);
+				replace_or_set_kb_item(name:"ApacheCoyote/version", value:servletContainer[1]);
+				report += "\n" + servletContainer[0];
+			}
 		}
+	}
+	if(report)
+		security_note(port:port, data:report);
 }
-if(report)
-	security_note(port:port, data:report);
-
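Review bot: `report` is set to `''` once before the `foreach` and never cleared, while the `security_note()` call now sits inside the loop body, so once one module matches, every later iteration sends the whole accumulated text again, including iterations where the request matched nothing. The scan result then carries repeated notes for port 8443 whose count does not reflect which modules actually answered. Move `if(report) security_note(port:port, data:report);` below the closing `}` of the `foreach` so a single note is emitted after all modules have been probed. The entries also run together because nothing separates them; starting each with a newline, as in `report += "\nDetected Apache Open For Business Module[" + ofbizTitlePattern[1] + "]";`, keeps the combined note readable.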


