[Openvas-commits] r3195 - in trunk/openvas-plugins: . scripts

scm-commit@wald.intevation.org scm-commit at wald.intevation.org
Fri Apr 24 21:45:27 CEST 2009


Author: edjenguele
Date: 2009-04-24 21:45:26 +0200 (Fri, 24 Apr 2009)
New Revision: 3195

Added:
   trunk/openvas-plugins/scripts/remote-Opentaps-htmlIjection.nasl
Modified:
   trunk/openvas-plugins/ChangeLog
   trunk/openvas-plugins/scripts/remote-ApacheOfbiz-htmlInjection.nasl
   trunk/openvas-plugins/scripts/remote-detect-ApacheOfbiz.nasl
Log:
Added Opentaps security check
Minor changes in ofbiz scripts: reformatted, set script_require_keys


Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog	2009-04-24 18:04:08 UTC (rev 3194)
+++ trunk/openvas-plugins/ChangeLog	2009-04-24 19:45:26 UTC (rev 3195)
@@ -1,3 +1,11 @@
+2009-04-24 Christian Eric Edjenguele <christian.edjenguele at owasp.org>
+	* scripts/remote-ApacheOfbiz-htmlInjection.nasl,
+	* scripts/remote-detect-ApacheOfbiz.nasl,
+	* scripts/remote-Opentaps-htmlIjection.nasl:
+	Added new script remote-Opentaps-htmlIjection.nasl
+	Modified ofbiz scripts
+	
+
 2009-04-24 Michael Meyer <mime at gmx.de>
 	* scripts/dokeos_34633.nasl,
 	scripts/notftp_detect.nasl,

Modified: trunk/openvas-plugins/scripts/remote-ApacheOfbiz-htmlInjection.nasl
===================================================================
--- trunk/openvas-plugins/scripts/remote-ApacheOfbiz-htmlInjection.nasl	2009-04-24 18:04:08 UTC (rev 3194)
+++ trunk/openvas-plugins/scripts/remote-ApacheOfbiz-htmlInjection.nasl	2009-04-24 19:45:26 UTC (rev 3195)
@@ -39,22 +39,22 @@
 Solution :
 Download the latest release form Apache Software Foundation (OFBiz) website
 
-Risk factor : None";
+Risk factor : Low";
 
 script_description(english:desc["english"]); 
 
-summary["english"] = "Apache Open For Business security check";
+summary["english"] = "Apache Open For Business XSS security check";
 
 script_summary(english:summary["english"]);
 
 script_category(ACT_ATTACK);
 
 script_copyright(english:"This script is Written by Christian Eric Edjenguele <christian.edjenguele at owasp.org> and released under GPL v2 or later");
-family["english"] = "CGI abuses";
+family["english"] = "CGI abuses: XSS";
 script_family(english:family["english"]);
 script_dependencies("find_service.nes","remote-detect-ApacheOfbiz.nasl");
 script_require_ports("Services/www");
-script_require_keys("ApacheOFBiz/installed","ApacheOFBiz/version");
+script_require_keys("ApacheOFBiz/installed","ApacheOFBiz/version", "ApacheOFBiz/port");
 
 exit(0);
 
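Review bot: `script_category(ACT_ATTACK);` is left unchanged, although the run-time code shown in the next hunk only reads knowledge-base items and compares a version string with `revcomp()`. If the part of the script outside these hunks sends no request to the target either, `script_category(ACT_GATHER_INFO);` would describe it accurately, and scan policies that select plugins by category would treat it correctly. The new remote-Opentaps-htmlIjection.nasl, whose whole body is visible in this commit, uses the same category and likewise sends nothing to the target.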
@@ -67,20 +67,20 @@
 include("misc_func.inc");
 include("revisions-lib.inc");
 
-port = 8443;
+port = get_kb_item("ApacheOFBiz/port");
 report = '';
 
-if(!get_kb_item("ApacheOFBiz/installed") || !get_kb_item("ApacheOFBiz/version"))
+if(!get_kb_item("ApacheOFBiz/installed") || !get_kb_item("ApacheOFBiz/version") || !port)
         exit(0);
 
 else {
 	version = get_kb_item("ApacheOFBiz/version");
 
 	if(revcomp(a:version, b:"3.0.0") <= 0){
-		# report
+		# report:
 		# OFBiz Search_String Parameter HTML Injection Vulnerability
 		# OFBiz Unspecified HTML Injection Vulnerability 
-		report += "The current Apache OFBiz version " + version + " Search_String Parameter HTML injection vulnerability";
+		report += "The current Apache OFBiz version " + version + " is affected by a Search_String Parameter HTML injection vulnerability";
 	}
 }
 
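Review bot: The report text asserts that the host "is affected" while the only evidence gathered here is `revcomp(a:version, b:"3.0.0") <= 0` on a version string taken from the knowledge base, so an install that was patched without a version change will be flagged as vulnerable. I would say so in the message, e.g. `report += "Apache OFBiz version " + version + " was detected; this version is listed as affected by a Search_String parameter HTML injection vulnerability (version check only, not verified)";`. The comment above the line names two issues but the report mentions only one. The same wording is used in the new remote-Opentaps-htmlIjection.nasl. The code that emits the report lies outside this hunk.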

Added: trunk/openvas-plugins/scripts/remote-Opentaps-htmlIjection.nasl
===================================================================
--- trunk/openvas-plugins/scripts/remote-Opentaps-htmlIjection.nasl	2009-04-24 18:04:08 UTC (rev 3194)
+++ trunk/openvas-plugins/scripts/remote-Opentaps-htmlIjection.nasl	2009-04-24 19:45:26 UTC (rev 3195)
@@ -0,0 +1,83 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: the script test the following vulnerabilities issues
+# Opentaps Search_String Parameter HTML Injection Vulnerability (BID 21702)
+#
+# Author:
+# Christian Eric Edjenguele <christian.edjenguele at owasp.org>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 and later,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+
+
+if(description)
+{
+script_id(101023);
+script_cve_id("CVE-2006-6589");
+script_bugtraq_id(21702);
+name["english"] = "Opentaps ERP + CRM Search_String Parameter HTML injection vulnerability";
+script_name(english:name["english"]);
+ 
+desc["english"] = "
+The running Opentaps ERP + CRM is prone to the HTML Injection Vulnerability 
+
+Solution :
+Download the latest release form opentaps website (http://www.opentaps.org)
+
+Risk factor : Low";
+
+script_description(english:desc["english"]); 
+
+summary["english"] = "Opentaps ERP + CRM xss security check";
+
+script_summary(english:summary["english"]);
+
+script_category(ACT_ATTACK);
+
+script_copyright(english:"This script is Written by Christian Eric Edjenguele <christian.edjenguele at owasp.org> and released under GPL v2 or later");
+family["english"] = "CGI abuses: XSS";
+script_family(english:family["english"]);
+script_dependencies("find_service.nes","remote-detect-Opentaps_ERP_CRM.nasl");
+script_require_ports("Services/www");
+script_require_keys("OpentapsERP/installed","OpentapsERP/version", "OpentapsERP/port");
+
+exit(0);
+
+}
+
+#
+# The script code starts here
+#
+
+include("misc_func.inc");
+include("revisions-lib.inc");
+
+port = get_kb_item("OpentapsERP/port");
+report = '';
+
+if(!get_kb_item("OpentapsERP/installed") || !get_kb_item("OpentapsERP/version") || !port)
+        exit(0);
+
+else {
+	version = get_kb_item("OpentapsERP/version");
+
+	if(revcomp(a:version, b:"0.9.3") <= 0){
+		# report Opentaps ERP + CRM Search_String Parameter HTML Injection Vulnerability
+		report += "The current Opentaps version " + version + " is affected by a Search_String Parameter HTML injection vulnerability";
+	}
+}
+
+if(report)
+	security_hole(port:port, data:report);
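Review bot: `security_hole(port:port, data:report);` at the end of the file reports the finding at the highest severity, while the description in the same file declares `Risk factor : Low`; a lower-severity reporting call such as `security_warning(port:port, data:report);` would keep the two consistent. The script also depends on `remote-detect-Opentaps_ERP_CRM.nasl` for the three `OpentapsERP/*` keys, and that file is not part of this commit, so it is worth confirming that it exists in the tree and sets `OpentapsERP/port`; otherwise the check never runs. The file name spells the word as `htmlIjection`, which is cheaper to fix now than after the name is referenced elsewhere.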

Modified: trunk/openvas-plugins/scripts/remote-detect-ApacheOfbiz.nasl
===================================================================
--- trunk/openvas-plugins/scripts/remote-detect-ApacheOfbiz.nasl	2009-04-24 18:04:08 UTC (rev 3194)
+++ trunk/openvas-plugins/scripts/remote-detect-ApacheOfbiz.nasl	2009-04-24 19:45:26 UTC (rev 3195)
@@ -69,10 +69,9 @@
 include("http_func.inc");
 include("http_keepalive.inc");
 
-
+# TODO: iterate all possible https port
 port = 8443;
-
-# TODO: test additional modules 
+ 
 modules = make_list('accounting/control/main','partymgr/control/main','webtools/control/main','ordermgr/control/main');
 report = '';
 
@@ -93,7 +92,8 @@
 			if('ofbiz' >< ofbizTitlePattern[1]){
 				report += " Detected Apache Open For Business Module[" + ofbizTitlePattern[1] +"] ";
 				replace_or_set_kb_item(name:"ApacheOFBiz/installed", value:TRUE);
-				
+				replace_or_set_kb_item(name:"ApacheOFBiz/port", value:port);
+		
 				if(vendor){
 					report += "\n Detected " + vendor[1] + " " + vendor[2];
 					replace_or_set_kb_item(name:"ApacheOFBiz/version", value:vendor[2]);
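Review bot: `replace_or_set_kb_item(name:"ApacheOFBiz/port", value:port);` stores a single host-wide port next to the host-wide `ApacheOFBiz/installed` and `ApacheOFBiz/version` keys, which works only while `port` is the fixed 8443 set at the top of the script. Once the TODO about iterating HTTPS ports is implemented, each detection would overwrite the previous one and the injection check would report against the last port only. Keys that carry the port, for example `set_kb_item(name:"ApacheOFBiz/" + port + "/version", value:vendor[2]);`, would avoid that, and a short comment on the new line stating the current single-port assumption would help until then. The enclosing block starts and ends outside this hunk.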
@@ -102,7 +102,7 @@
 				if((servletContainer)){
 					replace_or_set_kb_item(name:"ApacheCoyote/installed", value:TRUE);
 					replace_or_set_kb_item(name:"ApacheCoyote/version", value:servletContainer[1]);
-					report += "\n " + servletContainer[0];
+					report += " on " + servletContainer[0];
 				}
 			}
 		}


