[Openvas-commits] r6105 - in trunk/openvas-plugins: . scripts

scm-commit@wald.intevation.org scm-commit at wald.intevation.org
Wed Dec 9 07:52:57 CET 2009


Author: chandra
Date: 2009-12-09 07:52:52 +0100 (Wed, 09 Dec 2009)
New Revision: 6105

Added:
   trunk/openvas-plugins/scripts/gb_flashlight_detect.nasl
   trunk/openvas-plugins/scripts/gb_flashlight_sql_inj_n_dir_trav_vuln.nasl
   trunk/openvas-plugins/scripts/gb_moziloCMS_mult_xss_vuln.nasl
   trunk/openvas-plugins/scripts/gb_ruby_rails_xss_vuln_lin.nasl
Modified:
   trunk/openvas-plugins/ChangeLog
   trunk/openvas-plugins/cve_current.txt
   trunk/openvas-plugins/scripts/cpe.inc
Log:
Added new plugins

Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog	2009-12-09 02:18:48 UTC (rev 6104)
+++ trunk/openvas-plugins/ChangeLog	2009-12-09 06:52:52 UTC (rev 6105)
@@ -1,3 +1,13 @@
+2009-12-09  Chandrashekhar B <bchandra at secpod.com>
+
+	* scripts/gb_ruby_rails_xss_vuln_lin.nasl,
+	scripts/gb_flashlight_detect.nasl,
+	scripts/gb_moziloCMS_mult_xss_vuln.nasl,
+	scripts/gb_flashlight_sql_inj_n_dir_trav_vuln.nasl:
+	Added new plugns.
+
+	* scripts/cpe.inc: Added new KB items.
+
 2009-12-08 Michael Meyer <michael.meyer at intevation.de>
 
 	* scripts/phpshop_37227.nasl,

Modified: trunk/openvas-plugins/cve_current.txt
===================================================================
--- trunk/openvas-plugins/cve_current.txt	2009-12-09 02:18:48 UTC (rev 6104)
+++ trunk/openvas-plugins/cve_current.txt	2009-12-09 06:52:52 UTC (rev 6105)
@@ -357,5 +357,7 @@
 37227				Greenbone	svn		R
 37208				Greenbone	svn		R
 37157				Greenbone	svn		R
+CVE-2009-4209			SecPod		svn		R
+CVE-2009-4204			SecPod		svn		R
+CVE-2009-4205			SecPod		svn		R
 
-

Modified: trunk/openvas-plugins/scripts/cpe.inc
===================================================================
--- trunk/openvas-plugins/scripts/cpe.inc	2009-12-09 02:18:48 UTC (rev 6104)
+++ trunk/openvas-plugins/scripts/cpe.inc	2009-12-09 06:52:52 UTC (rev 6105)
@@ -677,6 +677,7 @@
 "www/*/flatpress", "^([0-9.]+([a-z0-9]+)?)", "cpe:/a:flatpress:flatpress:",
 "www/*/PHPGenealogie", "^([0-9.]+)", "cpe:/a:phpgenealogy:phpgenealogy:",
 "www/*/OPT", "^([0-9.]+)", "cpe:/a:lanifex:outreach_project_tool:",
+"www/*//Flashlight/Free", "^([0-9.]+)", "cpe:/a:ringsworld:flashlight_free_edition:",
 "BackupPC/Ver", "^([0-9.]+\.[0-9])\.?([a-z0-9]+)?", "cpe:/a:craig_barratt:backuppc:",
 "www/*/MRBS", "^([0-9.]+([a-z0-9]+)?)", "cpe:/a:john_beranek:meeting_room_booking_system:",
 "IBM/InstallMang/Win/Ver", "^([0-9.]+)", "cpe:/a:ibm:installation_manager:",
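Review bot: The KB name on the added line, `www/*//Flashlight/Free`, carries a double slash, while gb_flashlight_detect.nasl in this same commit stores the version under `"www/" + flightPort + "/Flashlight/Free"`, i.e. `www/<port>/Flashlight/Free` with a single slash. If `*` stands for the port segment, as it appears to in the neighbouring entries, this mapping never matches the key the detection script sets and no CPE is ever registered for Flashlight. The entry should read `"www/*/Flashlight/Free", "^([0-9.]+)", "cpe:/a:ringsworld:flashlight_free_edition:",`. The stored value is of the form `<version> under <path>`, so the anchored `^([0-9.]+)` pattern correctly picks up only the leading version once the key matches.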

Added: trunk/openvas-plugins/scripts/gb_flashlight_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_flashlight_detect.nasl	2009-12-09 02:18:48 UTC (rev 6104)
+++ trunk/openvas-plugins/scripts/gb_flashlight_detect.nasl	2009-12-09 06:52:52 UTC (rev 6105)
@@ -0,0 +1,68 @@
+##############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_flashlight_detect.nasl 6076 2009-12-07 16:25:36Z dec $
+#
+# Flashlight Version Detection
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(801074);
+  script_version("Revision: 1.0");
+  script_name("Flashlight Version Detection");
+  desc = "
+  Overview: This script finds the running Flashlight version and saves
+  the result in KB.
+
+  Risk factor: Informational";
+
+  script_description(desc);
+  script_summary("Set the version of Flashlight in KB");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2009 Greenbone Networks GmbH");
+  script_family("Service detection");
+  script_dependencies("find_service.nes");
+  script_require_ports("Services/www", 80);
+  exit(0);
+}
+
+
+include("http_func.inc");
+
+flightPort = get_http_port(default:80);
+if(!flightPort){
+  exit(0);
+}
+
+foreach path (make_list("/", "/flashlight", "/flash", cgi_dirs()))
+{
+  sndReq = http_get(item:string(path, "/README.txt"), port:flightPort);
+  rcvRes = http_send_recv(port:flightPort, data:sndReq);
+  if("Flashlight Free Edition" >< rcvRes)
+  {
+    flightVer = eregmatch(pattern:"[V|v]ersion: ([0-9.]+)", string:rcvRes);
+    if(flightVer[1] != NULL){
+       set_kb_item(name:"www/" + flightPort + "/Flashlight/Free",
+                         value:flightVer[1] + " under " + path);
+    }
+  }
+}
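Review bot: The bracket expression `[V|v]ersion:` in the eregmatch pattern near the end of the hunk makes `|` a literal character inside the class rather than an alternation; it only works because a literal `|` never occurs there, and it reads as if alternation were intended. Write it as `flightVer = eregmatch(pattern:"[Vv]ersion: ([0-9.]+)", string:rcvRes);`. The result of `http_send_recv` is also used without a guard, so a request that gets no answer falls straight into the `><` test; an explicit `if(isnull(rcvRes)) continue;` after the receive would make the loop's handling of unanswered requests clear. Separately, `script_version("Revision: 1.0")` lacks the `$...$` keyword markers that the three sibling scripts in this commit use, so it will not be expanded by svn; align it with `script_version("$Revision: 1.0 $");`.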

Added: trunk/openvas-plugins/scripts/gb_flashlight_sql_inj_n_dir_trav_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_flashlight_sql_inj_n_dir_trav_vuln.nasl	2009-12-09 02:18:48 UTC (rev 6104)
+++ trunk/openvas-plugins/scripts/gb_flashlight_sql_inj_n_dir_trav_vuln.nasl	2009-12-09 06:52:52 UTC (rev 6105)
@@ -0,0 +1,99 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_flashlight_sql_inj_n_dir_trav_vuln.nasl 6076 2009-12-07 15:11:27Z dec $
+#
+# Flashlight Free Edition SQL Injection and Directory Traversal Vulnerability
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(801075);
+  script_version("$Revision: 1.0 $");
+  script_cve_id("CVE-2009-4204","CVE-2009-4205");
+  script_name("Flashlight Free Edition SQL Injection and Directory Traversal Vulnerability");
+  desc = "
+  Overview: The host is running Flashlight Free Edition and is prone to SQL
+  Injection and Directory Traversal Vulnerability.
+
+  Vulnerability Insight:
+  Flaws are due to:
+  - An error in 'read.php' which is not properly sanitizing user supplied input
+    before being used in SQL queries via 'id' parameter.
+  - An error in 'admin.php' which is not properly sanitizing user supplied input
+    before being used via a .. (dot dot) in the action 'parameter' which causes
+    directory traversal attacks in the application context.
+
+  Impact:
+  Successful exploitation could allow remote attackers to view, add, modify
+  or delete information in the back end database or include arbitrary files
+  from local and remote resources to compromise a vulnerable server.
+
+  Impact Level: Network/System.
+
+  Affected Software/OS:
+  Flashlight Free version 1.0 on all running platform.
+
+  Fix:
+  No solution or patch is available as on 07th December, 2009. Information
+  regarding this issue will be updated once the solution details are available.
+  For updates refer, http://scripts.ringsworld.com/communication-tools
+
+  References:
+  http://www.milw0rm.com/exploits/8856
+  http://xforce.iss.net/xforce/xfdb/50906
+
+  CVSS Score:
+    CVSS Base Score      : 7.5 (AV:N/AC:L/Au:NR/C:P/I:P/A:P)
+    CVSS Temporal Score  : 6.7
+  Risk factor : High";
+
+  script_description(desc);
+  script_summary("Check for the version of Flashlight");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2009 Greenbone Networks GmbH");
+  script_dependencies("gb_flashlight_detect.nasl");
+  script_family("Web application abuses");
+  script_require_ports("Services/www", 80);
+  exit(0);
+}
+
+
+include("http_func.inc");
+include("version_func.inc");
+
+fPort = get_http_port(default:80);
+if(!fPort){
+  exit(0);
+}
+
+fVer = get_kb_item("www/" + fPort + "/Flashlight/Free");
+if(!fVer){
+  exit(0);
+}
+
+fVer = eregmatch(pattern:"^(.+) under (/.*)$", string:fVer);
+if(fVer[1] != NULL)
+{
+  if(version_is_equal(version:fVer[1], test_version:"1.0")){
+    security_hole(fPort);
+  }
+}
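Review bot: The Vulnerability Insight text in `desc` quotes the wrong word: `before being used via a .. (dot dot) in the action 'parameter' which causes` should be `before being used via a .. (dot dot) in the 'action' parameter which causes`, matching how `'id'` is written for the first flaw. The check itself is purely version based (`version_is_equal` against `"1.0"`) and depends on the KB value written by gb_flashlight_detect.nasl having the `<version> under <path>` shape that the `^(.+) under (/.*)$` pattern expects; a one-line comment above the `eregmatch` stating that contract would help the next person who edits the detection script. `fVer[2]` (the install path) is captured but never reported; including it in the finding would tell the operator which instance matched.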

Added: trunk/openvas-plugins/scripts/gb_moziloCMS_mult_xss_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_moziloCMS_mult_xss_vuln.nasl	2009-12-09 02:18:48 UTC (rev 6104)
+++ trunk/openvas-plugins/scripts/gb_moziloCMS_mult_xss_vuln.nasl	2009-12-09 06:52:52 UTC (rev 6105)
@@ -0,0 +1,98 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_moziloCMS_mult_xss_vuln.nasl 6078 2009-12-07 15:11:27Z dec $
+#
+# moziloCMS Multiple Cross Site Scripting Vulnerabilities
+#
+# Authors:
+# Antu Sanadi<santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(801076);
+  script_version("$Revision: 1.0 $");
+  script_cve_id("CVE-2009-4209");
+  script_bugtraq_id(35212);
+  script_name("moziloCMS Multiple Cross Site Scripting Vulnerabilities");
+  desc = "
+  Overview: The host is running moziloCMS and is prone to Multiple Cross Site
+  Scripting Vulnerabilities
+
+  Vulnerability Insight:
+  The flaws are due to an error in 'admin/index.php'. The input values are not
+  properly verified before being used via 'cat' and file parameters in an
+  'editsite' action.
+
+  Impact:
+  Successful exploitation will allow remote attackers to execute arbitrary HTML
+  and script code in a user's browser session in the context of an affected
+  site.
+
+  Impact Level: Application.
+
+  Affected Software/OS:
+  moziloCMS version 1.11.1 and prior on all running platform.
+
+  Fix:
+  No solution or patch is available as on 07th December, 2009. Information
+  regarding this issue will be updated once the solution details are available.
+  For updates refer, http://cms.mozilo.de/index.php?cat=10_moziloCMS&page=50_Download
+
+  References:
+  http://en.securitylab.ru/nvd/388498.php
+  http://downloads.securityfocus.com/vulnerabilities/exploits/35212.txt
+
+  CVSS Score:
+    CVSS Base Score      : 7.5 (AV:N/AC:L/Au:NR/C:P/I:P/A:P)
+    CVSS Temporal Score  : 6.7
+  Risk factor : High";
+
+  script_description(desc);
+  script_summary("Check for the version of moziloCMS ");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2009 Greenbone Networks GmbH");
+  script_dependencies("mozilloCMS_detect.nasl");
+  script_family("Web application abuses");
+  script_require_ports("Services/www", 80);
+  exit(0);
+}
+
+
+include("http_func.inc");
+include("version_func.inc");
+
+mzVer = get_http_port(default:80);
+if(!mzVer){
+  exit(0);
+}
+
+mzVer = get_kb_item("www/" + mzVer + "/moziloCMS");
+if(!mzVer){
+  exit(0);
+}
+
+mzVer = eregmatch(pattern:"^(.+) under (/.*)$", string:mzVer);
+if(mzVer[1] != NULL)
+{
+  if(version_is_less_equal(version:mzVer[1], test_version:"1.11.1")){
+    security_hole(mzVer);
+  }
+}
+
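Review bot: `security_hole(mzVer)` at the end of the hunk does not receive the port: `mzVer` is assigned the port by `get_http_port`, then overwritten with the KB item, then with the `eregmatch` result, so the finding is raised against the match array rather than the port number. Keep the port in its own variable and pass that to `security_hole`; the rewritten lines are below. The dependency is declared as `mozilloCMS_detect.nasl` (double l) while the KB key and product name use `moziloCMS`; worth confirming the detection script really exists under that spelling, since a wrong name silently disables this check. The `version_is_less_equal` call against `"1.11.1"` matches the "1.11.1 and prior" statement in `desc`.
```nasl
mzPort = get_http_port(default:80);
if(!mzPort){
  exit(0);
}

mzVer = get_kb_item("www/" + mzPort + "/moziloCMS");
if(!mzVer){
  exit(0);
}

# ... unchanged: eregmatch on "<version> under <path>" and version_is_less_equal check ...
    security_hole(mzPort);
```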

Added: trunk/openvas-plugins/scripts/gb_ruby_rails_xss_vuln_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_ruby_rails_xss_vuln_lin.nasl	2009-12-09 02:18:48 UTC (rev 6104)
+++ trunk/openvas-plugins/scripts/gb_ruby_rails_xss_vuln_lin.nasl	2009-12-09 06:52:52 UTC (rev 6105)
@@ -0,0 +1,98 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_ruby_rails_xss_vuln_lin.nasl 6090 2009-12-08 19:05:55Z dec $
+#
+# Ruby on Rails 'strip_tags' Cross Site Scripting Vulnerability (Linux)
+#
+# Authors:
+# Antu Sanadi<santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net
+#
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(801078);
+  script_version("$Revision: 1.0 $");
+  script_cve_id("CVE-2009-4214");
+  script_bugtraq_id(37142);
+  script_name("Ruby on Rails 'strip_tags' Cross Site Scripting Vulnerability (Linux)");
+  desc = "
+  Overview: The host is running Ruby on Rails, which is prone to Cross Site
+  Scripting Vulnerability.
+
+  Vulnerability Insight:
+  This issue is caused due to the error in 'strip_tagi()' function which is
+  not properly escaping non-printable ascii characters.
+
+  Impact:
+  Successful exploitation will let the attacker to execute arbitrary script code
+  in the browser of an unsuspecting user in the context of the affected site or
+  steal cookie-based authentication credentials and launch other attacks.
+
+  Impact Level: Application
+
+  Affected Software/OS:
+  Ruby on Rails version before 2.3.5
+
+  Fix:
+  Apply the security patches or upgrade to Ruby on Rails version 2.3.5
+  http://github.com/rails/rails/
+  http://rubyonrails.org/download
+
+  *****
+  NOTE: Ignore this warning, if above mentioned patch is manually applied.
+  *****
+
+  References:
+  http://secunia.com/advisories/37446
+  http://www.securitytracker.com/id?1023245
+  http://www.vupen.com/english/advisories/2009/3352
+  http://www.openwall.com/lists/oss-security/2009/11/27/2
+
+  CVSS Score:
+    CVSS Base Score     : 7.5 (AV:N/AC:L/Au:NR/C:P/I:P/A:P)
+    CVSS Temporal Score : 5.5
+  Risk factor: High";
+
+  script_description(desc);
+  script_summary("Check for the version of Ruby on Rails");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2009 Greenbone Networks GmbH");
+  script_family("Web application abuses");
+  script_dependencies("gb_ruby_rails_detect.nasl");
+  script_require_keys("Ruby-Rails/Linux/Ver");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+railsPort = 3000;
+
+if(!get_port_state(railsPort)){
+  exit(0);
+}
+
+railsVer = get_kb_item("Ruby-Rails/Linux/Ver");
+
+if(railsVer){
+  if(version_is_less(version:railsVer, test_version:"2.3.5")){
+    security_hole(railsPort);
+  }
+}
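Review bot: The Vulnerability Insight in `desc` names the function `'strip_tagi()'`, while the script title and the `script_name` line refer to `strip_tags`; change the line to `This issue is caused due to the error in 'strip_tags()' function which is`. Second, the port is fixed at `railsPort = 3000` and only gated by `get_port_state`, whereas the version comes from the host-wide key `Ruby-Rails/Linux/Ver`, which carries no port: a Rails instance listening elsewhere is never reported, and one that is reported is always attributed to 3000. If gb_ruby_rails_detect.nasl records the port it found, reading that from the KB would be more accurate; if it does not, the 3000 assumption deserves a short comment so it is not mistaken for a detected value. The `version_is_less` test against `"2.3.5"` agrees with the "before 2.3.5" statement in `desc`.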


Property changes on: trunk/openvas-plugins/scripts/gb_ruby_rails_xss_vuln_lin.nasl
___________________________________________________________________
Name: svn:executable
   + *


