[Openvas-commits] r3309 - in trunk/openvas-plugins: . scripts

scm-commit@wald.intevation.org scm-commit at wald.intevation.org
Sun May 10 17:01:16 CEST 2009


Author: mime
Date: 2009-05-10 17:01:14 +0200 (Sun, 10 May 2009)
New Revision: 3309

Added:
   trunk/openvas-plugins/scripts/GlassFish_34824.nasl
   trunk/openvas-plugins/scripts/GlassFish_detect.nasl
   trunk/openvas-plugins/scripts/TinyWebGallery_34892.nasl
   trunk/openvas-plugins/scripts/TinyWebGallery_detect.nasl
   trunk/openvas-plugins/scripts/realty_web_base_34886.nasl
   trunk/openvas-plugins/scripts/realty_web_base_detect.nasl
Modified:
   trunk/openvas-plugins/ChangeLog
   trunk/openvas-plugins/scripts/find_service_3digits.nasl
   trunk/openvas-plugins/scripts/remote-detect-Leap_CMS.nasl
   trunk/openvas-plugins/scripts/secpod_squid_detect.nasl
Log:
Added new plugins. Bugfixes

Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog	2009-05-10 12:58:10 UTC (rev 3308)
+++ trunk/openvas-plugins/ChangeLog	2009-05-10 15:01:14 UTC (rev 3309)
@@ -1,3 +1,22 @@
+2009-05-10 Michael Meyer <mime at gmx.de>
+	* scripts/GlassFish_34824.nasl,
+	scripts/realty_web_base_detect.nasl,
+	scripts/TinyWebGallery_34892.nasl,
+	scripts/TinyWebGallery_detect.nasl,
+	scripts/realty_web_base_34886.nasl,
+	scripts/GlassFish_detect.nasl:
+	Added new plugins
+
+	* scripts/remote-detect-Leap_CMS.nasl:
+	Fixed wrong detection of GlassFish on port 8080 as a Leap CMS
+
+	* scripts/find_service_3digits.nasl:
+	Added detection of imqbrokerd. Needed because it was detected
+	as a FTPD.
+
+	* scripts/secpod_squid_detect.nasl:
+	Fixed wrong detection of GlassFish on port 8080 as a Squid
+
 2009-05-07 Chandrashekhar B <bchandra at secpod.com>
 	* scripts/gb_google_chrome_settimeout_xss_vuln.nasl,
 	scripts/gb_google_chrome_mult_xss_vuln_may09.nasl,

Added: trunk/openvas-plugins/scripts/GlassFish_34824.nasl
===================================================================
--- trunk/openvas-plugins/scripts/GlassFish_34824.nasl	2009-05-10 12:58:10 UTC (rev 3308)
+++ trunk/openvas-plugins/scripts/GlassFish_34824.nasl	2009-05-10 15:01:14 UTC (rev 3309)
@@ -0,0 +1,87 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# GlassFish Enterprise Server Multiple Cross Site Scripting
+# Vulnerabilities
+#
+# Authors
+# Michael Meyer
+#
+# Copyright:
+# Copyright (c) 2009 Michael Meyer
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if (description)
+{
+ script_id(100191);
+ script_bugtraq_id(34824);
+ script_version ("1.0");
+
+ script_name(english:"GlassFish Enterprise Server Multiple Cross Site Scripting Vulnerabilities");
+ desc["english"] = "
+
+ Overview:
+  GlassFish Enterprise Server is prone to multiple cross-site
+  scripting vulnerabilities because it fails to sufficiently sanitize
+  user-supplied input.
+
+  Attacker-supplied HTML and script code would run in the context of
+  the affected site, potentially allowing the attacker to steal
+  cookie-based authentication credentials.
+
+  GlassFish Enterprise Server 2.1 is vulnerable; other versions may
+  also be affected.
+
+ Solution:
+  Updates are available. Please see https://glassfish.dev.java.net/ and/or
+  http://www.sun.com/software/products/appsrvr/index.xml for more information.
+
+ See also:
+  http://www.securityfocus.com/bid/34824
+
+ Risk factor : Medium";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Determine if GlassFish is vulnerable to XSS");
+ script_category(ACT_GATHER_INFO);
+ script_family(english:"Web application abuses");
+ script_copyright(english:"This script is Copyright (C) 2009 Michael Meyer");
+ script_dependencie("GlassFish_detect.nasl");
+ script_require_ports("Services/www", 8080);
+ exit(0);
+}
+
+include("http_func.inc");
+include("version_func.inc");
+
+port = get_http_port(default:8080);
+
+if(!get_port_state(port))exit(0);
+
+if(get_kb_item(string("www/", port, "/GlassFishAdminConsole")))exit(0);
+if(!vers = get_kb_item(string("www/", port, "/GlassFish")))exit(0);
+
+if(!isnull(vers) && vers >!< "unknown") {
+
+  if(version_is_equal(version: vers, test_version: "2.1")) {
+      security_warning(port:port);
+      exit(0);
+  }  
+
+}
+
+exit(0);
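Review bot: The finding is raised from `version_is_equal(version: vers, test_version: "2.1")` alone, using the version that GlassFish_detect.nasl parsed from the `Server:` banner; no request is sent, so a patched build that still reports 2.1 would be flagged and a host with a hidden banner would be missed. Say so in the script, e.g. `# Version-only check based on the Server banner; the XSS itself is not tested.` above the comparison, and ideally in the description text as well. TinyWebGallery_34892.nasl and the version branch of realty_web_base_34886.nasl work the same way. `vers >!< "unknown"` is a substring test; `vers != "unknown"` states the intent directly.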


Property changes on: trunk/openvas-plugins/scripts/GlassFish_34824.nasl
___________________________________________________________________
Name: svn:keywords
   + ID

Added: trunk/openvas-plugins/scripts/GlassFish_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/GlassFish_detect.nasl	2009-05-10 12:58:10 UTC (rev 3308)
+++ trunk/openvas-plugins/scripts/GlassFish_detect.nasl	2009-05-10 15:01:14 UTC (rev 3309)
@@ -0,0 +1,109 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# GlassFish Server Detection
+#
+# Authors:
+# Michael Meyer
+#
+# Copyright:
+# Copyright (c) 2009 Michael Meyer
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+# need desc here to modify it later in script.
+desc["english"] = "
+
+ Overview:
+  GlassFish, an application server project led by Sun Microsystems for
+  the Java EE platform is running at this host.
+
+ See also:
+  https://glassfish.dev.java.net/
+
+ Risk factor : None";
+
+if (description)
+{
+ script_id(100190);
+ script_version ("1.0");
+
+ script_name(english:"GlassFish Server Detection");  
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Checks for the presence of GlassFish Server");
+ script_category(ACT_GATHER_INFO);
+ script_family(english:"Service detection");
+ script_copyright(english:"This script is Copyright (C) 2009 Michael Meyer");
+ script_dependencie("find_service.nes", "http_version.nasl");
+ script_require_ports("Services/www", 8080);
+ script_exclude_keys("Settings/disable_cgi_scanning");
+ exit(0);
+}
+
+include("http_func.inc");
+include("http_keepalive.inc");
+include("global_settings.inc");
+
+port = get_http_port(default:8080);
+
+if(!get_port_state(port))exit(0);
+
+ url = string("/"); 
+ req = http_get(item:url, port:port);
+ buf = http_keepalive_send_recv(port:port, data:req, bodyonly:FALSE);  
+
+ if( buf == NULL )continue;
+ if( egrep(pattern: 'Server:.*GlassFish.*', string: buf, icase: TRUE) )
+ { 
+   
+    vers = string("unknown");
+
+    ### try to get version.
+    version = eregmatch(string: buf, pattern: 'Server:.*GlassFish[^0-9]+v([0-9.]+)',icase:TRUE);
+    
+    if ( !isnull(version[1]) ) {
+       vers=version[1];
+    } 
+
+    if(egrep(pattern:"Location:.*login.jsf", string: buf)) {
+      report = "\nThe GlassFish Administration Console is running at this Port.\n";
+      set_kb_item(name: string("www/", port, "/GlassFishAdminConsole"), value: TRUE);
+    }  else {
+      set_kb_item(name: string("www/", port, "/GlassFish"), value: vers);	
+    }  
+
+    info = string("None\n\nGlassFish Version '");
+    info += string(vers);
+    info += string("' was detected on the remote host\n");
+
+    desc = ereg_replace(
+        string:desc["english"],
+        pattern:"None$",
+        replace:info
+    );    
+       
+       if(report_verbosity > 0) {
+	 if(report) {
+	  desc = report;
+	 }  
+         security_note(port:port,data:string(desc));
+       }
+       exit(0);
+  
+ }
+
+exit(0);
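Review bot: `if( buf == NULL )continue;` right after the request is not inside any loop in this script, so the empty-response case has no defined exit; it should read `if( buf == NULL )exit(0);`. The `Server:` pattern in `egrep` is applied to headers and body together (`bodyonly:FALSE`) without a `^` anchor, so a page that merely prints such a line would be fingerprinted as GlassFish; `'^Server:.*GlassFish'` narrows that. When the admin console is detected, the parsed version is neither stored in the KB nor reported, because `desc = report` replaces the text built from `info`.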


Property changes on: trunk/openvas-plugins/scripts/GlassFish_detect.nasl
___________________________________________________________________
Name: svn:keywords
   + ID

Added: trunk/openvas-plugins/scripts/TinyWebGallery_34892.nasl
===================================================================
--- trunk/openvas-plugins/scripts/TinyWebGallery_34892.nasl	2009-05-10 12:58:10 UTC (rev 3308)
+++ trunk/openvas-plugins/scripts/TinyWebGallery_34892.nasl	2009-05-10 15:01:14 UTC (rev 3309)
@@ -0,0 +1,90 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# TinyWebGallery '/admin/_include/init.php' Local File Include
+# Vulnerability
+#
+# Authors
+# Michael Meyer
+#
+# Copyright:
+# Copyright (c) 2009 Michael Meyer
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if (description)
+{
+ script_id(100193);
+ script_bugtraq_id(34892);
+ script_version ("1.0");
+
+ script_name(english:"TinyWebGallery '/admin/_include/init.php' Local File Include Vulnerability");
+ desc["english"] = "
+
+ Overview:
+  TinyWebGallery is prone to a local file-include vulnerability
+  because it fails to properly sanitize user-supplied input.
+
+  An attacker can exploit this vulnerability to view files and execute
+  local scripts in the context of the webserver process. This may aid
+  in further attacks.
+
+  TinyWebGallery 1.7.6 is vulnerable; other versions may also be
+  affected.
+
+ Solution:
+  An update is available. Please see http://www.tinywebgallery.com
+  for more information.
+
+ See also:
+  http://www.securityfocus.com/bid/34892
+  http://www.tinywebgallery.com/forum/viewtopic.php?t=1653
+
+ Risk factor : High";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Determine if TinyWebGallery is vulnerable to Local File Include");
+ script_category(ACT_GATHER_INFO);
+ script_family(english:"Web application abuses");
+ script_copyright(english:"This script is Copyright (C) 2009 Michael Meyer");
+ script_dependencie("TinyWebGallery_detect.nasl");
+ script_require_ports("Services/www", 80);
+ script_exclude_keys("Settings/disable_cgi_scanning");
+ exit(0);
+}
+
+include("http_func.inc");
+include("version_func.inc");
+
+port = get_http_port(default:80);
+
+if(!get_port_state(port))exit(0);
+if(!can_host_php(port:port))exit(0);
+
+if(!version = get_kb_item(string("www/", port, "/TinyWebGallery")))exit(0);
+if(!matches = eregmatch(string:version, pattern:"^(.+) under (/.*)$"))exit(0);
+
+vers = matches[1];
+
+if(!isnull(vers) && vers >!< "unknown") {
+
+  if(version_is_equal(version: vers, test_version: "1.7.6")) {
+     security_hole(port:port);
+     exit(0);
+  }   
+}
+
+exit(0);


Property changes on: trunk/openvas-plugins/scripts/TinyWebGallery_34892.nasl
___________________________________________________________________
Name: svn:keywords
   + ID

Added: trunk/openvas-plugins/scripts/TinyWebGallery_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/TinyWebGallery_detect.nasl	2009-05-10 12:58:10 UTC (rev 3308)
+++ trunk/openvas-plugins/scripts/TinyWebGallery_detect.nasl	2009-05-10 15:01:14 UTC (rev 3309)
@@ -0,0 +1,109 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# TinyWebGallery Detection
+#
+# Authors
+# Michael Meyer
+#
+# Copyright:
+# Copyright (c) 2009 Michael Meyer
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+ desc["english"] = "
+
+  Overview:
+    The TinyWebGallery, a free php based photo album / gallery is running
+    at this host.
+
+  See also:
+   http://www.tinywebgallery.com
+
+  Risk factor : None";
+
+if (description)
+{
+ script_id(100192);
+ script_version ("1.0");
+
+ script_name(english:"TinyWebGallery Detection");
+ script_description(english:desc["english"]);
+ script_summary(english:"Checks for the presence of TinyWebGallery");
+ script_category(ACT_GATHER_INFO);
+ script_family(english:"Service detection");
+ script_copyright(english:"This script is Copyright (C) 2009 Michael Meyer");
+ script_dependencie("find_service.nes", "http_version.nasl");
+ script_require_ports("Services/www", 80);
+ script_exclude_keys("Settings/disable_cgi_scanning");
+ exit(0);
+}
+
+include("http_func.inc");
+include("http_keepalive.inc");
+include("version_func.inc");
+
+port = get_http_port(default:80);
+
+if(!get_port_state(port))exit(0);
+if(!can_host_php(port:port))exit(0);
+
+dirs = make_list("/tinywebgallery","/gallery","/twg",cgi_dirs());
+
+foreach dir (dirs) {
+
+    url = string(dir, "/admin/index.php"); 
+    req = http_get(item:url, port:port);
+    buf = http_keepalive_send_recv(port:port, data:req, bodyonly:FALSE);
+
+    if( buf == NULL )continue; 
+    if(egrep(pattern:"TWG Administration", string: buf) &&
+       egrep(pattern:"TWG Admin [0-9.]+", string: buf))
+    {    
+
+         if(strlen(dir)>0) {
+            install=dir;
+         } else {
+            install=string("/");
+         }
+
+         vers = string("unknown");
+
+	 version = eregmatch(pattern:"TWG Admin ([0-9.]+)", string:buf);
+
+	 if(!isnull(version[1])) {
+           vers = version[1];
+	 }  
+
+	 set_kb_item(name: string("www/", port, "/TinyWebGallery"), value: string(vers," under ",install));
+
+         info = string("None\n\nTinyWebGallery Version '");
+         info += string(vers);
+         info += string("' was detected on the remote host in the following directory(s):\n\n");
+         info += string(install, "\n"); 
+
+	desc = ereg_replace(
+          string:desc["english"],
+          pattern:"None$",
+          replace:info
+        );
+
+         security_note(port:port,data:desc);
+         exit(0);
+    }	 
+}
+
+exit(0);
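Review bot: `exit(0);` inside the `foreach` stops at the first matching directory, so further installations on the same port are never recorded, although the report text says "directory(s)". If that is intended, document it with `# only the first installation found is recorded` above that `exit(0);`; otherwise the KB value and the report need to collect all matches before exiting. `version_func.inc` is included but nothing from it is called in this script. realty_web_base_detect.nasl has the same loop and the same unused include.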


Property changes on: trunk/openvas-plugins/scripts/TinyWebGallery_detect.nasl
___________________________________________________________________
Name: svn:keywords
   + ID

Modified: trunk/openvas-plugins/scripts/find_service_3digits.nasl
===================================================================
--- trunk/openvas-plugins/scripts/find_service_3digits.nasl	2009-05-10 12:58:10 UTC (rev 3308)
+++ trunk/openvas-plugins/scripts/find_service_3digits.nasl	2009-05-10 15:01:14 UTC (rev 3309)
@@ -115,6 +115,16 @@
   report_service(port: port, svc: 'hylafax', banner: banner);
   exit(0);
  }
+# nb: this must come before FTP recognition.
+ if(egrep(pattern:"^101", string: banner) &&
+   (egrep(pattern:"[a-zA-Z]+broker", string: banner,icase:TRUE) ||
+    egrep(pattern:"portmapper tcp PORTMAPPER", string:banner))) 
+ {
+    # iMQ Broker Rendezvous(imqbrokerd) 
+    register_service(port: port, proto: "imqbrokerd");
+    security_note(port:port,data:string("A Message Queue broker is running at this port.\n"));
+    exit(0);
+ }  
  if ("PORT" >< help || "PASV" >< help)
  {
   report_service(port:port, svc: 'ftp', banner: banner); 
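Review bot: `^101` has no delimiter after the code and `[a-zA-Z]+broker` with `icase:TRUE` accepts any run of letters followed by "broker", so this branch, which runs before the FTP test, can claim banners that do not come from a Message Queue broker. If the banner has a space after the code, require it with `egrep(pattern:"^101 ", string: banner)`, and use a stricter broker token if the banner format is fixed. The branch also calls `register_service` plus a hand-written `security_note`, while the neighbouring branches use `report_service(port:, svc:, banner:)`; using the same helper would presumably keep the banner in the report. The enclosing block starts and ends outside the hunk.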

Added: trunk/openvas-plugins/scripts/realty_web_base_34886.nasl
===================================================================
--- trunk/openvas-plugins/scripts/realty_web_base_34886.nasl	2009-05-10 12:58:10 UTC (rev 3308)
+++ trunk/openvas-plugins/scripts/realty_web_base_34886.nasl	2009-05-10 15:01:14 UTC (rev 3309)
@@ -0,0 +1,108 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Realty Web-Base 'admin/admin.php' Multiple SQL Injection
+# Vulnerabilities
+#
+# Authors
+# Michael Meyer
+#
+# Copyright:
+# Copyright (c) 2009 Michael Meyer
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if (description)
+{
+ script_id(100195);
+ script_bugtraq_id(34886);
+ script_version ("1.0");
+
+ script_name(english:"Realty Web-Base 'admin/admin.php' Multiple SQL Injection Vulnerabilities");
+ desc["english"] = "
+
+ Overview:
+  Realty Web-Base is prone to multiple SQL-injection vulnerabilities
+  because it fails to sufficiently sanitize user-supplied data before
+  using it in an SQL query.
+
+  Exploiting these issues can allow an attacker to compromise the
+  application, access or modify data, or exploit latent
+  vulnerabilities in the underlying database.
+
+ See also:
+  http://www.securityfocus.com/bid/34886
+
+ Risk factor : Medium";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Determine if Realty Web-Base is vulnerable to SQL Injection");
+ script_category(ACT_GATHER_INFO);
+ script_family(english:"Web application abuses");
+ script_copyright(english:"This script is Copyright (C) 2009 Michael Meyer");
+ script_dependencie("realty_web_base_detect.nasl");
+ script_require_ports("Services/www", 80);
+ script_exclude_keys("Settings/disable_cgi_scanning");
+ exit(0);
+}
+
+include("http_func.inc");
+include("version_func.inc");
+
+port = get_http_port(default:80);
+
+if(!get_port_state(port))exit(0);
+if(!can_host_php(port:port))exit(0);
+
+if(!version = get_kb_item(string("www/", port, "/RealtyWebBase")))exit(0);
+if(!matches = eregmatch(string:version, pattern:"^(.+) under (/.*)$"))exit(0);
+
+vers = matches[1];
+dir  = matches[2];
+
+if(!isnull(vers) && vers >!< "unknown") {
+
+  if(version_is_equal(version: vers, test_version: "1.0")) {
+     security_hole(port:port);
+     exit(0);
+  }   
+} else {
+
+  variables = string("user=%27%20or%20%271=1&password=%27%20or%20%271=1");
+  filename = string(dir,"/admin/admin.php");
+  host=get_host_name();
+
+  req = string(
+              "POST ", filename, " HTTP/1.1\r\n",
+              "Referer: ","http://", host, filename, "\r\n",
+              "Host: ", host, ":", port, "\r\n",
+              "Content-Type: application/x-www-form-urlencoded\r\n",
+              "Content-Length: ", strlen(variables),
+              "\r\n\r\n",
+              variables
+            );
+
+  result = http_send_recv(port:port, data:req, bodyonly:FALSE);
+  if( result == NULL )exit(0);
+
+  if(egrep(pattern:"Realty Web-Base: Administration Center", string:result)) {
+    security_warning(port);
+    exit(0);
+  }  
+
+}  
+
+exit(0);
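Review bot: The `else` branch sends a POST to `admin/admin.php` whose `user` and `password` fields carry an injection string, yet the plugin declares `script_category(ACT_GATHER_INFO);`, so a scan policy that treats gather-info plugins as non-intrusive would still attempt a login bypass against the target. Declare it as `script_category(ACT_ATTACK);` and skip the request under safe checks with `if(safe_checks())exit(0);` before the POST is built. The two result paths also disagree on severity: a bare version match raises `security_hole`, a confirmed bypass raises `security_warning`, and the description says `Risk factor : Medium`. When the detect plugin stored `/` as the install path, `string(dir,"/admin/admin.php")` yields `//admin/admin.php`.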


Property changes on: trunk/openvas-plugins/scripts/realty_web_base_34886.nasl
___________________________________________________________________
Name: svn:keywords
   + ID

Added: trunk/openvas-plugins/scripts/realty_web_base_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/realty_web_base_detect.nasl	2009-05-10 12:58:10 UTC (rev 3308)
+++ trunk/openvas-plugins/scripts/realty_web_base_detect.nasl	2009-05-10 15:01:14 UTC (rev 3309)
@@ -0,0 +1,110 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Realty Web-Base Detection
+#
+# Authors
+# Michael Meyer
+#
+# Copyright:
+# Copyright (c) 2009 Michael Meyer
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+ desc["english"] = "
+
+  Overview:
+   Realty Web-Base, a content management and customer communication
+   suite is running at this host. 
+
+  See also:
+   http://www.realtywebware.com
+
+  Risk factor : None";
+
+if (description)
+{
+ script_id(100194);
+ script_version ("1.0");
+
+ script_name(english:"Realty Web-Base Detection");
+ script_description(english:desc["english"]);
+ script_summary(english:"Checks for the presence of Realty Web-Base");
+ script_category(ACT_GATHER_INFO);
+ script_family(english:"Service detection");
+ script_copyright(english:"This script is Copyright (C) 2009 Michael Meyer");
+ script_dependencie("find_service.nes", "http_version.nasl");
+ script_require_ports("Services/www", 80);
+ script_exclude_keys("Settings/disable_cgi_scanning");
+ exit(0);
+}
+
+include("http_func.inc");
+include("http_keepalive.inc");
+include("version_func.inc");
+
+port = get_http_port(default:80);
+
+if(!get_port_state(port))exit(0);
+if(!can_host_php(port:port))exit(0);
+
+dirs = make_list("/cms",cgi_dirs());
+
+foreach dir (dirs) {
+
+    url = string(dir, "/admin/index.php"); 
+    req = http_get(item:url, port:port);
+    buf = http_keepalive_send_recv(port:port, data:req, bodyonly:FALSE);
+
+    if( buf == NULL )continue; 
+    
+    if(egrep(pattern:"Realty Webware [0-9.]+", string: buf) &&
+       egrep(pattern:"Set-Cookie: owner", string: buf) )
+    {    
+
+         if(strlen(dir)>0) {
+            install=dir;
+         } else {
+            install=string("/");
+         }
+
+         vers = string("unknown");
+
+	 version = eregmatch(pattern:"Realty Webware ([0-9.]+)", string:buf);
+
+	 if(!isnull(version[1])) {
+           vers = version[1];
+	 }  
+
+	 set_kb_item(name: string("www/", port, "/RealtyWebBase"), value: string(vers," under ",install));
+
+         info = string("None\n\nRealty Web-Base Version '");
+         info += string(vers);
+         info += string("' was detected on the remote host in the following directory(s):\n\n");
+         info += string(install, "\n"); 
+
+	desc = ereg_replace(
+          string:desc["english"],
+          pattern:"None$",
+          replace:info
+        );
+
+         security_note(port:port,data:desc);
+         exit(0);
+    }	 
+}
+
+exit(0);


Property changes on: trunk/openvas-plugins/scripts/realty_web_base_detect.nasl
___________________________________________________________________
Name: svn:keywords
   + ID

Modified: trunk/openvas-plugins/scripts/remote-detect-Leap_CMS.nasl
===================================================================
--- trunk/openvas-plugins/scripts/remote-detect-Leap_CMS.nasl	2009-05-10 12:58:10 UTC (rev 3308)
+++ trunk/openvas-plugins/scripts/remote-detect-Leap_CMS.nasl	2009-05-10 15:01:14 UTC (rev 3309)
@@ -77,7 +77,6 @@
 
 if(response){
 
-	server = eregmatch(pattern:"Server: ([a-zA-Z]+)/([0-9.]+)",string:response);
 	vendor = eregmatch(pattern:'Powered by <a href="http://leap.gowondesigns.com/">Leap</a> ([0-9.]+)',string:response, icase:TRUE);
 	
 	if(vendor){
@@ -86,14 +85,16 @@
 		set_kb_item(name:"LeapCMS/installed", value:TRUE);
 		set_kb_item(name:"LeapCMS/port", value:port);
 		set_kb_item(name:"LeapCMS/version", value:vendor[1]);
-	}
 
-	if(server){
+		server = eregmatch(pattern:"Server: ([a-zA-Z]+)/([0-9.]+)",string:response);
+
+	        if(server){
 		
-		set_kb_item(name:"LeapServer/type", value:server[1]);
-		set_kb_item(name:"LeapServer/version", value:server[2]);
-		report += " on " + server[0];
-		}
+	  	        set_kb_item(name:"LeapServer/type", value:server[1]);
+		        set_kb_item(name:"LeapServer/version", value:server[2]);
+		        report += " on " + server[0];
+		        }
+	}
 }
 if(report)
 	security_note(port:port, data:report);
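Review bot: The moved `if(server)` block is indented with a mix of tabs and spaces, and its closing `}` sits deeper than the `if(server){` it closes, which hides the fact that the block is now nested under `if(vendor)`. Re-indent it with tabs like the surrounding lines and add a comment such as `# only record the Server banner once Leap itself was identified`. The `if(response)` block opens outside the hunk.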

Modified: trunk/openvas-plugins/scripts/secpod_squid_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_squid_detect.nasl	2009-05-10 12:58:10 UTC (rev 3308)
+++ trunk/openvas-plugins/scripts/secpod_squid_detect.nasl	2009-05-10 15:01:14 UTC (rev 3309)
@@ -72,7 +72,7 @@
 res = http_recv(socket:soc);
 http_close_socket(soc);
 
-data = egrep(pattern:"^Server: ", string:res);
+data = egrep(pattern:"^Server: squid", string:res);
 version = data - "Server: squid/" - '\r\n';
 if(version){
   set_kb_item(name:"www/" + port + "/Squid", value:version);
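Review bot: With the pattern `^Server: squid`, a banner that has no version part (a constructed example: `Server: squid` on its own) still matches, and since the following subtraction of `"Server: squid/"` then removes nothing, the whole header text would be stored as the version in the `www/<port>/Squid` KB item. Matching the slash as well, `data = egrep(pattern:"^Server: squid/", string:res);`, keeps such banners out. The script continues outside the hunk, so how later consumers parse the KB value is not visible here.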


