[Openvas-commits] r3197 - in trunk/openvas-plugins: . scripts

scm-commit@wald.intevation.org scm-commit at wald.intevation.org
Sat Apr 25 22:18:00 CEST 2009 

Author: edjenguele
Date: 2009-04-25 22:17:58 +0200 (Sat, 25 Apr 2009)
New Revision: 3197

Added:
   trunk/openvas-plugins/scripts/remote-Opentaps-defaultPwd.nasl
Modified:
   trunk/openvas-plugins/ChangeLog
   trunk/openvas-plugins/scripts/remote-ApacheOfbiz-defaultPwd.nasl
   trunk/openvas-plugins/scripts/remote-detect-Opentaps_ERP_CRM.nasl
Log:
set right script name and referer header for ApacheOfbiz-defaultPwd plugin, 
add a set_kb_item(OpentapsERP/port) for Opentaps_ERP_CRM plugin, 
added new script Opentaps-defaultPwd nvt


Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog	2009-04-25 19:03:34 UTC (rev 3196)
+++ trunk/openvas-plugins/ChangeLog	2009-04-25 20:17:58 UTC (rev 3197)
@@ -1,4 +1,12 @@
 2009-04-24 Christian Eric Edjenguele <christian.edjenguele at owasp.org>
+	* scripts/remote-detect-Opentaps_ERP_CRM.nasl,
+        * scripts/remote-ApacheOfbiz-defaultPwd.nasl,
+	* scripts/remote-Opentaps-defaultPwd.nasl:
+	set right script name and referer header for ApacheOfbiz-defaultPwd
+	plugin, add s set_kb_item(OpentapsERP/port) for Opentaps_ERP_CRM
+	plugin, added new script Opentaps-defaultPwd
+	
+2009-04-25 Christian Eric Edjenguele <christian.edjenguele at owasp.org>
 	* scripts/remote-ApacheOfbiz-defaultPwd.nasl:
 	Added new script
 

Modified: trunk/openvas-plugins/scripts/remote-ApacheOfbiz-defaultPwd.nasl
===================================================================
--- trunk/openvas-plugins/scripts/remote-ApacheOfbiz-defaultPwd.nasl	2009-04-25 19:03:34 UTC (rev 3196)
+++ trunk/openvas-plugins/scripts/remote-ApacheOfbiz-defaultPwd.nasl	2009-04-25 20:17:58 UTC (rev 3197)
@@ -3,7 +3,7 @@
 # Description: 
 # This script the Apache Open For Business (Apache OFBiz) default administrator credentials vulnerability
 #
-# remote-detect-ApacheOfbiz.nasl
+# remote-ApacheOfbiz-defaultPwd.nasl
 #
 # Author:
 # Christian Eric Edjenguele <christian.edjenguele at owasp.org>
@@ -86,7 +86,8 @@
 	request = string("POST /", module, " HTTP/1.1\r\n",
 			 "Content-Type: application/x-www-form-urlencoded\r\n", 
         		 "Content-Length: ", strlen(postdata),"\r\n",
-		 	 "Host: ", get_host_name(), 
+			 "Referer: http://", host, ":", port, module, "\r\n",
+		 	 "Host: ", host, 
 		 	 "\r\n\r\n",
 		 	 postdata);
 
@@ -97,7 +98,7 @@
 		welcomeMsg = egrep(pattern:"Welcome THE ADMIN.*", string:reply);
 	
 		if(welcomeMsg){
-			report += "Apache OFBiz said: " + welcomeMsg + "You are using Apache OFBiz default ADMINISTRATOR username [admin] and pawssord [ofbiz], this can cause security problem in production environment";
+			report += "Apache OFBiz said: " + welcomeMsg + "You are using Apache OFBiz with default ADMINISTRATOR username [admin] and pawssord [ofbiz], this can cause security problem in production environment";
 		}	
 	}
 }

Added: trunk/openvas-plugins/scripts/remote-Opentaps-defaultPwd.nasl
===================================================================
--- trunk/openvas-plugins/scripts/remote-Opentaps-defaultPwd.nasl	2009-04-25 19:03:34 UTC (rev 3196)
+++ trunk/openvas-plugins/scripts/remote-Opentaps-defaultPwd.nasl	2009-04-25 20:17:58 UTC (rev 3197)
@@ -0,0 +1,110 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: 
+# This script the Opentaps ERP + CRM default administrator credentials vulnerability
+#
+# remote-Opentaps-defaultPwd.nasl
+#
+# Author:
+# Christian Eric Edjenguele <christian.edjenguele at owasp.org>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 and later,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+
+
+if(description)
+{
+script_id(101024);
+name["english"] = "Opentaps ERP + CRM Weak Password security check";
+script_name(english:name["english"]);
+ 
+desc["english"] = "
+The remote host is running the Apache OFBiz with default administrator username and password. 
+Opentaps is a full-featured ERP + CRM suite which incorporates several open source projects, 
+including Apache Geronimo, Tomcat, and OFBiz for the data model and transaction framework; 
+Pentaho and JasperReports for business intelligence; Funambol for mobile device and Outlook integration; 
+and the opentaps applications which provide user-driven applications for CRM, accounting and finance, 
+warehouse and manufacturing, and purchasing and supply chain mmanagement.
+
+
+Impact:
+This allow an attacker to gain administrative access to the remote application
+
+Solution :
+You must change the default settings if you want to run it for production purposes,
+please refer to the Opentaps ERP + CRM documentation, for further information on how to do this 
+
+Risk factor : High";
+
+script_description(english:desc["english"]); 
+
+summary["english"] = "Opentaps ERP + CRM default administrator credentials vulnerability";
+
+script_summary(english:summary["english"]);
+
+script_category(ACT_ATTACK);
+
+script_copyright(english:"This script is Written by Christian Eric Edjenguele <christian.edjenguele at owasp.org> and released under GPL v2 or later");
+family["english"] = "Settings";
+script_family(english:family["english"]);
+script_dependencies("find_service.nes", "remote-detect-Opentaps_ERP_CRM.nasl");
+script_require_keys("OpentapsERP/port");
+script_require_ports("Services/www");
+
+
+exit(0);
+
+}
+
+#
+# The script code starts here
+#
+
+include("misc_func.inc");
+include("http_func.inc");
+include("http_keepalive.inc");
+
+
+port = get_kb_item("OpentapsERP/port");
+module = 'webtools/control/login';
+report = '';
+host = get_host_name();
+postdata = string("USERNAME=admin&PASSWORD=ofbiz");
+
+if(!port){
+	port = 8080;
+	request = string("POST /", module, " HTTP/1.1\r\n",
+			 "Content-Type: application/x-www-form-urlencoded\r\n", 
+        		 "Content-Length: ", strlen(postdata), "\r\n",
+ 			 "Referer: http://", host, ":", port, module, "\r\n",
+		 	 "Host: ", host, 
+		 	 "\r\n\r\n",
+		 	 postdata);
+
+	reply = http_send_recv(port:port, data:request);
+
+	if(reply){
+	
+		welcomeMsg = egrep(pattern:"Welcome THE ADMIN.*", string:reply);
+	
+		if(welcomeMsg){
+			report += "Opentaps ERP + CRM said: " + welcomeMsg + "this application is running using default ADMINISTRATOR username [admin] and pawssord [ofbiz], this can cause security problem in production environment";
+		}	
+	}
+}
+
+if(report)
+	security_note(port:port, data:report);
+

Modified: trunk/openvas-plugins/scripts/remote-detect-Opentaps_ERP_CRM.nasl
===================================================================
--- trunk/openvas-plugins/scripts/remote-detect-Opentaps_ERP_CRM.nasl	2009-04-25 19:03:34 UTC (rev 3196)
+++ trunk/openvas-plugins/scripts/remote-detect-Opentaps_ERP_CRM.nasl	2009-04-25 20:17:58 UTC (rev 3197)
@@ -71,7 +71,7 @@
 include("http_keepalive.inc");
 
 
-aport = get_http_port(default:8080);
+thePort = get_http_port(default:8080);
 
 pages = make_array(0,'/',1,'webtools/control/main');
 report = '';
@@ -79,8 +79,8 @@
 softwareRequest = string("GET ", pages[0], " HTTP/1.1\r\n","Host: ", get_host_name(), "\r\n\r\n");
 versionRequest = string("GET /", pages[1], " HTTP/1.1\r\n","Host: ", get_host_name(), "\r\n\r\n");
 
-softwareReply = http_send_recv(port:aport, data:softwareRequest);
-versionReply = http_send_recv(port:aport, data:versionRequest);
+softwareReply = http_send_recv(port:thePort, data:softwareRequest);
+versionReply = http_send_recv(port:thePort, data:versionRequest);
 
  
 if(softwareReply){
@@ -92,6 +92,7 @@
 		if('opentaps' >< opentapsTitlePattern[0]){
 			report += " The remote host is running " + opentapsTitlePattern[1];
 			replace_or_set_kb_item(name:"OpentapsERP/installed", value:TRUE);
+			replace_or_set_kb_item(name:"OpentapsERP/port", value:thePort);
 		}
 	}
 
@@ -112,6 +113,7 @@
 		report += " Detected " + version[1] + " " + version[2];
 		replace_or_set_kb_item(name:"OpentapsERP/installed", value:TRUE);
 		replace_or_set_kb_item(name:"OpentapsERP/version", value:version[2]);
+		replace_or_set_kb_item(name:"OpentapsERP/port", value:thePort);
 	}
 
 	if((servletContainer)){
@@ -122,4 +124,4 @@
 }
 
 if(report)
-	security_note(port:port, data:report);
+	security_note(port:thePort, data:report);

More information about the Openvas-commits mailing list