[Openvas-commits] r6105 - in trunk/openvas-plugins: . scripts
Wed Dec 9 07:52:57 CET 2009
Author: chandra
Date: 2009-12-09 07:52:52 +0100 (Wed, 09 Dec 2009)
New Revision: 6105
Added:
trunk/openvas-plugins/scripts/gb_flashlight_detect.nasl
trunk/openvas-plugins/scripts/gb_flashlight_sql_inj_n_dir_trav_vuln.nasl
trunk/openvas-plugins/scripts/gb_moziloCMS_mult_xss_vuln.nasl
trunk/openvas-plugins/scripts/gb_ruby_rails_xss_vuln_lin.nasl
Modified:
trunk/openvas-plugins/ChangeLog
trunk/openvas-plugins/cve_current.txt
trunk/openvas-plugins/scripts/cpe.inc
Log:
Added new plugins
Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog 2009-12-09 02:18:48 UTC (rev 6104)
+++ trunk/openvas-plugins/ChangeLog 2009-12-09 06:52:52 UTC (rev 6105)
@@ -1,3 +1,13 @@
+2009-12-09 Chandrashekhar B <bchandra at secpod.com>
+
+ * scripts/gb_ruby_rails_xss_vuln_lin.nasl,
+ scripts/gb_flashlight_detect.nasl,
+ scripts/gb_moziloCMS_mult_xss_vuln.nasl,
+ scripts/gb_flashlight_sql_inj_n_dir_trav_vuln.nasl:
+ Added new plugns.
+
+ * scripts/cpe.inc: Added new KB items.
+
2009-12-08 Michael Meyer <michael.meyer at intevation.de>
* scripts/phpshop_37227.nasl,
Modified: trunk/openvas-plugins/cve_current.txt
===================================================================
--- trunk/openvas-plugins/cve_current.txt 2009-12-09 02:18:48 UTC (rev 6104)
+++ trunk/openvas-plugins/cve_current.txt 2009-12-09 06:52:52 UTC (rev 6105)
@@ -357,5 +357,7 @@
37227 Greenbone svn R
37208 Greenbone svn R
37157 Greenbone svn R
+CVE-2009-4209 SecPod svn R
+CVE-2009-4204 SecPod svn R
+CVE-2009-4205 SecPod svn R
-
Modified: trunk/openvas-plugins/scripts/cpe.inc
===================================================================
--- trunk/openvas-plugins/scripts/cpe.inc 2009-12-09 02:18:48 UTC (rev 6104)
+++ trunk/openvas-plugins/scripts/cpe.inc 2009-12-09 06:52:52 UTC (rev 6105)
@@ -677,6 +677,7 @@
"www/*/flatpress", "^([0-9.]+([a-z0-9]+)?)", "cpe:/a:flatpress:flatpress:",
"www/*/PHPGenealogie", "^([0-9.]+)", "cpe:/a:phpgenealogy:phpgenealogy:",
"www/*/OPT", "^([0-9.]+)", "cpe:/a:lanifex:outreach_project_tool:",
+"www/*//Flashlight/Free", "^([0-9.]+)", "cpe:/a:ringsworld:flashlight_free_edition:",
"BackupPC/Ver", "^([0-9.]+\.[0-9])\.?([a-z0-9]+)?", "cpe:/a:craig_barratt:backuppc:",
"www/*/MRBS", "^([0-9.]+([a-z0-9]+)?)", "cpe:/a:john_beranek:meeting_room_booking_system:",
"IBM/InstallMang/Win/Ver", "^([0-9.]+)", "cpe:/a:ibm:installation_manager:",
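Review bot: The KB key in the added line, `www/*//Flashlight/Free`, carries a doubled slash that nothing in this commit produces: gb_flashlight_detect.nasl stores the version under `"www/" + port + "/Flashlight/Free"`, i.e. `www/80/Flashlight/Free`, so this glob will never match the stored item and no CPE will be derived for the product. Bring it in line with the neighbouring entries, `"www/*/Flashlight/Free", "^([0-9.]+)", "cpe:/a:ringsworld:flashlight_free_edition:",`. Whether `ringsworld:flashlight_free_edition` is the registered CPE vendor/product pair cannot be confirmed from here.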
Added: trunk/openvas-plugins/scripts/gb_flashlight_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_flashlight_detect.nasl 2009-12-09 02:18:48 UTC (rev 6104)
+++ trunk/openvas-plugins/scripts/gb_flashlight_detect.nasl 2009-12-09 06:52:52 UTC (rev 6105)
@@ -0,0 +1,68 @@
+##############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_flashlight_detect.nasl 6076 2009-12-07 16:25:36Z dec $
+#
+# Flashlight Version Detection
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(801074);
+ script_version("Revision: 1.0");
+ script_name("Flashlight Version Detection");
+ desc = "
+ Overview: This script finds the running Flashlight version and saves
+ the result in KB.
+
+ Risk factor: Informational";
+
+ script_description(desc);
+ script_summary("Set the version of Flashlight in KB");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 Greenbone Networks GmbH");
+ script_family("Service detection");
+ script_dependencies("find_service.nes");
+ script_require_ports("Services/www", 80);
+ exit(0);
+}
+
+
+include("http_func.inc");
+
+flightPort = get_http_port(default:80);
+if(!flightPort){
+ exit(0);
+}
+
+foreach path (make_list("/", "/flashlight", "/flash", cgi_dirs()))
+{
+ sndReq = http_get(item:string(path, "/README.txt"), port:flightPort);
+ rcvRes = http_send_recv(port:flightPort, data:sndReq);
+ if("Flashlight Free Edition" >< rcvRes)
+ {
+ flightVer = eregmatch(pattern:"[V|v]ersion: ([0-9.]+)", string:rcvRes);
+ if(flightVer[1] != NULL){
+ set_kb_item(name:"www/" + flightPort + "/Flashlight/Free",
+ value:flightVer[1] + " under " + path);
+ }
+ }
+}
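Review bot: The version regex in the eregmatch call is written as `[V|v]ersion`, and inside a bracket expression `|` is a literal character, so the class also matches a stray `|ersion:`; it was presumably meant as `flightVer = eregmatch(pattern:"[Vv]ersion: ([0-9.]+)", string:rcvRes);`. The loop also keeps running after a hit, so every path that serves a matching README.txt calls set_kb_item with the same key and the vulnerability script gets whichever entry get_kb_item returns; an `exit(0);` right after set_kb_item would pin the result to the first match. For the `/` entry of the path list the request becomes `//README.txt`, which most servers tolerate but is worth guarding in `string(path, "/README.txt")`.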
Added: trunk/openvas-plugins/scripts/gb_flashlight_sql_inj_n_dir_trav_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_flashlight_sql_inj_n_dir_trav_vuln.nasl 2009-12-09 02:18:48 UTC (rev 6104)
+++ trunk/openvas-plugins/scripts/gb_flashlight_sql_inj_n_dir_trav_vuln.nasl 2009-12-09 06:52:52 UTC (rev 6105)
@@ -0,0 +1,99 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_flashlight_sql_inj_n_dir_trav_vuln.nasl 6076 2009-12-07 15:11:27Z dec $
+#
+# Flashlight Free Edition SQL Injection and Directory Traversal Vulnerability
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(801075);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2009-4204","CVE-2009-4205");
+ script_name("Flashlight Free Edition SQL Injection and Directory Traversal Vulnerability");
+ desc = "
+ Overview: The host is running Flashlight Free Edition and is prone to SQL
+ Injection and Directory Traversal Vulnerability.
+
+ Vulnerability Insight:
+ Flaws are due to:
+ - An error in 'read.php' which is not properly sanitizing user supplied input
+ before being used in SQL queries via 'id' parameter.
+ - An error in 'admin.php' which is not properly sanitizing user supplied input
+ before being used via a .. (dot dot) in the action 'parameter' which causes
+ directory traversal attacks in the application context.
+
+ Impact:
+ Successful exploitation could allow remote attackers to view, add, modify
+ or delete information in the back end database or include arbitrary files
+ from local and remote resources to compromise a vulnerable server.
+
+ Impact Level: Network/System.
+
+ Affected Software/OS:
+ Flashlight Free version 1.0 on all running platform.
+
+ Fix:
+ No solution or patch is available as on 07th December, 2009. Information
+ regarding this issue will be updated once the solution details are available.
+ For updates refer, http://scripts.ringsworld.com/communication-tools
+
+ References:
+ http://www.milw0rm.com/exploits/8856
+ http://xforce.iss.net/xforce/xfdb/50906
+
+ CVSS Score:
+ CVSS Base Score : 7.5 (AV:N/AC:L/Au:NR/C:P/I:P/A:P)
+ CVSS Temporal Score : 6.7
+ Risk factor : High";
+
+ script_description(desc);
+ script_summary("Check for the version of Flashlight");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 Greenbone Networks GmbH");
+ script_dependencies("gb_flashlight_detect.nasl");
+ script_family("Web application abuses");
+ script_require_ports("Services/www", 80);
+ exit(0);
+}
+
+
+include("http_func.inc");
+include("version_func.inc");
+
+fPort = get_http_port(default:80);
+if(!fPort){
+ exit(0);
+}
+
+fVer = get_kb_item("www/" + fPort + "/Flashlight/Free");
+if(!fVer){
+ exit(0);
+}
+
+fVer = eregmatch(pattern:"^(.+) under (/.*)$", string:fVer);
+if(fVer[1] != NULL)
+{
+ if(version_is_equal(version:fVer[1], test_version:"1.0")){
+ security_hole(fPort);
+ }
+}
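Review bot: The check on the version_is_equal line fires only for a version string exactly equal to `1.0`, while the Fix section in the description states that no patched release exists, so any later build the vendor ships drops off the report even if it is still vulnerable. The sibling moziloCMS script in this same commit uses version_is_less_equal for the same unpatched situation; `if(version_is_less_equal(version:fVer[1], test_version:"1.0")){` would be consistent and can be tightened once a fixed version is published. The install path captured in fVer[2] is parsed but never used; passing it into the report would tell the operator which copy of the application is affected.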
Added: trunk/openvas-plugins/scripts/gb_moziloCMS_mult_xss_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_moziloCMS_mult_xss_vuln.nasl 2009-12-09 02:18:48 UTC (rev 6104)
+++ trunk/openvas-plugins/scripts/gb_moziloCMS_mult_xss_vuln.nasl 2009-12-09 06:52:52 UTC (rev 6105)
@@ -0,0 +1,98 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_moziloCMS_mult_xss_vuln.nasl 6078 2009-12-07 15:11:27Z dec $
+#
+# moziloCMS Multiple Cross Site Scripting Vulnerabilities
+#
+# Authors:
+# Antu Sanadi<santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(801076);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2009-4209");
+ script_bugtraq_id(35212);
+ script_name("moziloCMS Multiple Cross Site Scripting Vulnerabilities");
+ desc = "
+ Overview: The host is running moziloCMS and is prone to Multiple Cross Site
+ Scripting Vulnerabilities
+
+ Vulnerability Insight:
+ The flaws are due to an error in 'admin/index.php'. The input values are not
+ properly verified before being used via 'cat' and file parameters in an
+ 'editsite' action.
+
+ Impact:
+ Successful exploitation will allow remote attackers to execute arbitrary HTML
+ and script code in a user's browser session in the context of an affected
+ site.
+
+ Impact Level: Application.
+
+ Affected Software/OS:
+ moziloCMS version 1.11.1 and prior on all running platform.
+
+ Fix:
+ No solution or patch is available as on 07th December, 2009. Information
+ regarding this issue will be updated once the solution details are available.
+ For updates refer, http://cms.mozilo.de/index.php?cat=10_moziloCMS&page=50_Download
+
+ References:
+ http://en.securitylab.ru/nvd/388498.php
+ http://downloads.securityfocus.com/vulnerabilities/exploits/35212.txt
+
+ CVSS Score:
+ CVSS Base Score : 7.5 (AV:N/AC:L/Au:NR/C:P/I:P/A:P)
+ CVSS Temporal Score : 6.7
+ Risk factor : High";
+
+ script_description(desc);
+ script_summary("Check for the version of moziloCMS ");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 Greenbone Networks GmbH");
+ script_dependencies("mozilloCMS_detect.nasl");
+ script_family("Web application abuses");
+ script_require_ports("Services/www", 80);
+ exit(0);
+}
+
+
+include("http_func.inc");
+include("version_func.inc");
+
+mzVer = get_http_port(default:80);
+if(!mzVer){
+ exit(0);
+}
+
+mzVer = get_kb_item("www/" + mzVer + "/moziloCMS");
+if(!mzVer){
+ exit(0);
+}
+
+mzVer = eregmatch(pattern:"^(.+) under (/.*)$", string:mzVer);
+if(mzVer[1] != NULL)
+{
+ if(version_is_less_equal(version:mzVer[1], test_version:"1.11.1")){
+ security_hole(mzVer);
+ }
+}
+
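Review bot: The call `security_hole(mzVer);` on the last line of the body passes the eregmatch result array, not the HTTP port, because the variable mzVer is first assigned the port from get_http_port, then overwritten with the KB value, then with the match array; the finding is therefore reported against the wrong (non-port) value and may be dropped entirely. Keep the port in its own variable and report on it, as the other scripts in this commit do. The dependency name `mozilloCMS_detect.nasl` (double l) also differs from the KB key `www/<port>/moziloCMS` (single l); the detect script is not visible here, so confirm the file name matches before relying on it.
```nasl
mzPort = get_http_port(default:80);
if(!mzPort){
  exit(0);
}

mzVer = get_kb_item("www/" + mzPort + "/moziloCMS");
# … unchanged: empty check and eregmatch on mzVer …
    security_hole(mzPort);
```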
Added: trunk/openvas-plugins/scripts/gb_ruby_rails_xss_vuln_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_ruby_rails_xss_vuln_lin.nasl 2009-12-09 02:18:48 UTC (rev 6104)
+++ trunk/openvas-plugins/scripts/gb_ruby_rails_xss_vuln_lin.nasl 2009-12-09 06:52:52 UTC (rev 6105)
@@ -0,0 +1,98 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_ruby_rails_xss_vuln_lin.nasl 6090 2009-12-08 19:05:55Z dec $
+#
+# Ruby on Rails 'strip_tags' Cross Site Scripting Vulnerability (Linux)
+#
+# Authors:
+# Antu Sanadi<santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net
+#
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(801078);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2009-4214");
+ script_bugtraq_id(37142);
+ script_name("Ruby on Rails 'strip_tags' Cross Site Scripting Vulnerability (Linux)");
+ desc = "
+ Overview: The host is running Ruby on Rails, which is prone to Cross Site
+ Scripting Vulnerability.
+
+ Vulnerability Insight:
+ This issue is caused due to the error in 'strip_tagi()' function which is
+ not properly escaping non-printable ascii characters.
+
+ Impact:
+ Successful exploitation will let the attacker to execute arbitrary script code
+ in the browser of an unsuspecting user in the context of the affected site or
+ steal cookie-based authentication credentials and launch other attacks.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ Ruby on Rails version before 2.3.5
+
+ Fix:
+ Apply the security patches or upgrade to Ruby on Rails version 2.3.5
+ http://github.com/rails/rails/
+ http://rubyonrails.org/download
+
+ *****
+ NOTE: Ignore this warning, if above mentioned patch is manually applied.
+ *****
+
+ References:
+ http://secunia.com/advisories/37446
+ http://www.securitytracker.com/id?1023245
+ http://www.vupen.com/english/advisories/2009/3352
+ http://www.openwall.com/lists/oss-security/2009/11/27/2
+
+ CVSS Score:
+ CVSS Base Score : 7.5 (AV:N/AC:L/Au:NR/C:P/I:P/A:P)
+ CVSS Temporal Score : 5.5
+ Risk factor: High";
+
+ script_description(desc);
+ script_summary("Check for the version of Ruby on Rails");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 Greenbone Networks GmbH");
+ script_family("Web application abuses");
+ script_dependencies("gb_ruby_rails_detect.nasl");
+ script_require_keys("Ruby-Rails/Linux/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+railsPort = 3000;
+
+if(!get_port_state(railsPort)){
+ exit(0);
+}
+
+railsVer = get_kb_item("Ruby-Rails/Linux/Ver");
+
+if(railsVer){
+ if(version_is_less(version:railsVer, test_version:"2.3.5")){
+ security_hole(railsPort);
+ }
+}
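Review bot: The gate at `railsPort = 3000;` / `get_port_state(railsPort)` makes the result depend on TCP 3000 being open, while the version itself comes from the `Ruby-Rails/Linux/Ver` KB item, which by its name and the `script_require_keys` line is a host-level detection rather than a probe of that port; a Rails install served behind a front-end web server on 80/443, or one with no listener at scan time, is then silently skipped although the version is known to be vulnerable. Dropping the port check and reporting against the host, `security_hole(0);`, would make the finding follow the KB evidence; how gb_ruby_rails_detect.nasl populates that key is not visible here, so confirm before changing. The description text also names the function `strip_tagi()` where the title and CVE refer to `strip_tags`.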
Property changes on: trunk/openvas-plugins/scripts/gb_ruby_rails_xss_vuln_lin.nasl
___________________________________________________________________
Name: svn:executable
+ *