[Openvas-commits] r3309 - in trunk/openvas-plugins: . scripts
scm-commit@wald.intevation.org
scm-commit at wald.intevation.org
Sun May 10 17:01:16 CEST 2009
Author: mime
Date: 2009-05-10 17:01:14 +0200 (Sun, 10 May 2009)
New Revision: 3309
Added:
trunk/openvas-plugins/scripts/GlassFish_34824.nasl
trunk/openvas-plugins/scripts/GlassFish_detect.nasl
trunk/openvas-plugins/scripts/TinyWebGallery_34892.nasl
trunk/openvas-plugins/scripts/TinyWebGallery_detect.nasl
trunk/openvas-plugins/scripts/realty_web_base_34886.nasl
trunk/openvas-plugins/scripts/realty_web_base_detect.nasl
Modified:
trunk/openvas-plugins/ChangeLog
trunk/openvas-plugins/scripts/find_service_3digits.nasl
trunk/openvas-plugins/scripts/remote-detect-Leap_CMS.nasl
trunk/openvas-plugins/scripts/secpod_squid_detect.nasl
Log:
Added new plugins. Bugfixes
Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog 2009-05-10 12:58:10 UTC (rev 3308)
+++ trunk/openvas-plugins/ChangeLog 2009-05-10 15:01:14 UTC (rev 3309)
@@ -1,3 +1,22 @@
+2009-05-10 Michael Meyer <mime at gmx.de>
+ * scripts/GlassFish_34824.nasl,
+ scripts/realty_web_base_detect.nasl,
+ scripts/TinyWebGallery_34892.nasl,
+ scripts/TinyWebGallery_detect.nasl,
+ scripts/realty_web_base_34886.nasl,
+ scripts/GlassFish_detect.nasl:
+ Added new plugins
+
+ * scripts/remote-detect-Leap_CMS.nasl:
+ Fixed wrong detection of GlassFish on port 8080 as a Leap CMS
+
+ * scripts/find_service_3digits.nasl:
+ Added detection of imqbrokerd. Needed because it was detected
+ as a FTPD.
+
+ * scripts/secpod_squid_detect.nasl:
+ Fixed wrong detection of GlassFish on port 8080 as a Squid
+
2009-05-07 Chandrashekhar B <bchandra at secpod.com>
* scripts/gb_google_chrome_settimeout_xss_vuln.nasl,
scripts/gb_google_chrome_mult_xss_vuln_may09.nasl,
Added: trunk/openvas-plugins/scripts/GlassFish_34824.nasl
===================================================================
--- trunk/openvas-plugins/scripts/GlassFish_34824.nasl 2009-05-10 12:58:10 UTC (rev 3308)
+++ trunk/openvas-plugins/scripts/GlassFish_34824.nasl 2009-05-10 15:01:14 UTC (rev 3309)
@@ -0,0 +1,87 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# GlassFish Enterprise Server Multiple Cross Site Scripting
+# Vulnerabilities
+#
+# Authors
+# Michael Meyer
+#
+# Copyright:
+# Copyright (c) 2009 Michael Meyer
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if (description)
+{
+ script_id(100191);
+ script_bugtraq_id(34824);
+ script_version ("1.0");
+
+ script_name(english:"GlassFish Enterprise Server Multiple Cross Site Scripting Vulnerabilities");
+ desc["english"] = "
+
+ Overview:
+ GlassFish Enterprise Server is prone to multiple cross-site
+ scripting vulnerabilities because it fails to sufficiently sanitize
+ user-supplied input.
+
+ Attacker-supplied HTML and script code would run in the context of
+ the affected site, potentially allowing the attacker to steal
+ cookie-based authentication credentials.
+
+ GlassFish Enterprise Server 2.1 is vulnerable; other versions may
+ also be affected.
+
+ Solution:
+ Updates are available. Please see https://glassfish.dev.java.net/ and/or
+ http://www.sun.com/software/products/appsrvr/index.xml for more information.
+
+ See also:
+ http://www.securityfocus.com/bid/34824
+
+ Risk factor : Medium";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Determine if GlassFish is vulnerable to XSS");
+ script_category(ACT_GATHER_INFO);
+ script_family(english:"Web application abuses");
+ script_copyright(english:"This script is Copyright (C) 2009 Michael Meyer");
+ script_dependencie("GlassFish_detect.nasl");
+ script_require_ports("Services/www", 8080);
+ exit(0);
+}
+
+include("http_func.inc");
+include("version_func.inc");
+
+port = get_http_port(default:8080);
+
+if(!get_port_state(port))exit(0);
+
+if(get_kb_item(string("www/", port, "/GlassFishAdminConsole")))exit(0);
+if(!vers = get_kb_item(string("www/", port, "/GlassFish")))exit(0);
+
+if(!isnull(vers) && vers >!< "unknown") {
+
+ if(version_is_equal(version: vers, test_version: "2.1")) {
+ security_warning(port:port);
+ exit(0);
+ }
+
+}
+
+exit(0);
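Review bot: The `version_is_equal(version: vers, test_version: "2.1")` test near the end of the script flags the host purely from the version string that GlassFish_detect.nasl read out of the `Server:` header, and nothing in the plugin says so. A 2.1 installation that has received the vendor update but still announces 2.1 would presumably still be reported, and a server with a hidden or altered banner is silently skipped. I would add a comment above the comparison such as `# nb: banner-based version check only; no request is sent, so patched builds that keep the 2.1 banner are still flagged`, and say the same in the description text. The same applies to the version comparisons in TinyWebGallery_34892.nasl and realty_web_base_34886.nasl in this commit.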
Property changes on: trunk/openvas-plugins/scripts/GlassFish_34824.nasl
___________________________________________________________________
Name: svn:keywords
+ ID
Added: trunk/openvas-plugins/scripts/GlassFish_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/GlassFish_detect.nasl 2009-05-10 12:58:10 UTC (rev 3308)
+++ trunk/openvas-plugins/scripts/GlassFish_detect.nasl 2009-05-10 15:01:14 UTC (rev 3309)
@@ -0,0 +1,109 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# GlassFish Server Detection
+#
+# Authors:
+# Michael Meyer
+#
+# Copyright:
+# Copyright (c) 2009 Michael Meyer
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+# need desc here to modify it later in script.
+desc["english"] = "
+
+ Overview:
+ GlassFish, an application server project led by Sun Microsystems for
+ the Java EE platform is running at this host.
+
+ See also:
+ https://glassfish.dev.java.net/
+
+ Risk factor : None";
+
+if (description)
+{
+ script_id(100190);
+ script_version ("1.0");
+
+ script_name(english:"GlassFish Server Detection");
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Checks for the presence of GlassFish Server");
+ script_category(ACT_GATHER_INFO);
+ script_family(english:"Service detection");
+ script_copyright(english:"This script is Copyright (C) 2009 Michael Meyer");
+ script_dependencie("find_service.nes", "http_version.nasl");
+ script_require_ports("Services/www", 8080);
+ script_exclude_keys("Settings/disable_cgi_scanning");
+ exit(0);
+}
+
+include("http_func.inc");
+include("http_keepalive.inc");
+include("global_settings.inc");
+
+port = get_http_port(default:8080);
+
+if(!get_port_state(port))exit(0);
+
+ url = string("/");
+ req = http_get(item:url, port:port);
+ buf = http_keepalive_send_recv(port:port, data:req, bodyonly:FALSE);
+
+ if( buf == NULL )continue;
+ if( egrep(pattern: 'Server:.*GlassFish.*', string: buf, icase: TRUE) )
+ {
+
+ vers = string("unknown");
+
+ ### try to get version.
+ version = eregmatch(string: buf, pattern: 'Server:.*GlassFish[^0-9]+v([0-9.]+)',icase:TRUE);
+
+ if ( !isnull(version[1]) ) {
+ vers=version[1];
+ }
+
+ if(egrep(pattern:"Location:.*login.jsf", string: buf)) {
+ report = "\nThe GlassFish Administration Console is running at this Port.\n";
+ set_kb_item(name: string("www/", port, "/GlassFishAdminConsole"), value: TRUE);
+ } else {
+ set_kb_item(name: string("www/", port, "/GlassFish"), value: vers);
+ }
+
+ info = string("None\n\nGlassFish Version '");
+ info += string(vers);
+ info += string("' was detected on the remote host\n");
+
+ desc = ereg_replace(
+ string:desc["english"],
+ pattern:"None$",
+ replace:info
+ );
+
+ if(report_verbosity > 0) {
+ if(report) {
+ desc = report;
+ }
+ security_note(port:port,data:string(desc));
+ }
+ exit(0);
+
+ }
+
+exit(0);
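Review bot: `if( buf == NULL )continue;` sits at top level rather than inside a `foreach`, so there is no loop for `continue` to resume; it looks carried over from the directory-walking detectors and should read `if( buf == NULL )exit(0);`. Separately, when `report` is set the line `desc = report;` discards the description and the detected version that were just assembled, and `report` is never initialised on the non-console path. Appending instead, for example `desc = string(desc, report);`, would keep the version in the note. The admin-console branch also never stores `vers` in the KB, so a version seen on that port is lost to dependent plugins.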
Property changes on: trunk/openvas-plugins/scripts/GlassFish_detect.nasl
___________________________________________________________________
Name: svn:keywords
+ ID
Added: trunk/openvas-plugins/scripts/TinyWebGallery_34892.nasl
===================================================================
--- trunk/openvas-plugins/scripts/TinyWebGallery_34892.nasl 2009-05-10 12:58:10 UTC (rev 3308)
+++ trunk/openvas-plugins/scripts/TinyWebGallery_34892.nasl 2009-05-10 15:01:14 UTC (rev 3309)
@@ -0,0 +1,90 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# TinyWebGallery '/admin/_include/init.php' Local File Include
+# Vulnerability
+#
+# Authors
+# Michael Meyer
+#
+# Copyright:
+# Copyright (c) 2009 Michael Meyer
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if (description)
+{
+ script_id(100193);
+ script_bugtraq_id(34892);
+ script_version ("1.0");
+
+ script_name(english:"TinyWebGallery '/admin/_include/init.php' Local File Include Vulnerability");
+ desc["english"] = "
+
+ Overview:
+ TinyWebGallery is prone to a local file-include vulnerability
+ because it fails to properly sanitize user-supplied input.
+
+ An attacker can exploit this vulnerability to view files and execute
+ local scripts in the context of the webserver process. This may aid
+ in further attacks.
+
+ TinyWebGallery 1.7.6 is vulnerable; other versions may also be
+ affected.
+
+ Solution:
+ An update is available. Please see http://www.tinywebgallery.com
+ for more information.
+
+ See also:
+ http://www.securityfocus.com/bid/34892
+ http://www.tinywebgallery.com/forum/viewtopic.php?t=1653
+
+ Risk factor : High";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Determine if TinyWebGallery is vulnerable to Local File Include");
+ script_category(ACT_GATHER_INFO);
+ script_family(english:"Web application abuses");
+ script_copyright(english:"This script is Copyright (C) 2009 Michael Meyer");
+ script_dependencie("TinyWebGallery_detect.nasl");
+ script_require_ports("Services/www", 80);
+ script_exclude_keys("Settings/disable_cgi_scanning");
+ exit(0);
+}
+
+include("http_func.inc");
+include("version_func.inc");
+
+port = get_http_port(default:80);
+
+if(!get_port_state(port))exit(0);
+if(!can_host_php(port:port))exit(0);
+
+if(!version = get_kb_item(string("www/", port, "/TinyWebGallery")))exit(0);
+if(!matches = eregmatch(string:version, pattern:"^(.+) under (/.*)$"))exit(0);
+
+vers = matches[1];
+
+if(!isnull(vers) && vers >!< "unknown") {
+
+ if(version_is_equal(version: vers, test_version: "1.7.6")) {
+ security_hole(port:port);
+ exit(0);
+ }
+}
+
+exit(0);
Property changes on: trunk/openvas-plugins/scripts/TinyWebGallery_34892.nasl
___________________________________________________________________
Name: svn:keywords
+ ID
Added: trunk/openvas-plugins/scripts/TinyWebGallery_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/TinyWebGallery_detect.nasl 2009-05-10 12:58:10 UTC (rev 3308)
+++ trunk/openvas-plugins/scripts/TinyWebGallery_detect.nasl 2009-05-10 15:01:14 UTC (rev 3309)
@@ -0,0 +1,109 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# TinyWebGallery Detection
+#
+# Authors
+# Michael Meyer
+#
+# Copyright:
+# Copyright (c) 2009 Michael Meyer
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+ desc["english"] = "
+
+ Overview:
+ The TinyWebGallery, a free php based photo album / gallery is running
+ at this host.
+
+ See also:
+ http://www.tinywebgallery.com
+
+ Risk factor : None";
+
+if (description)
+{
+ script_id(100192);
+ script_version ("1.0");
+
+ script_name(english:"TinyWebGallery Detection");
+ script_description(english:desc["english"]);
+ script_summary(english:"Checks for the presence of TinyWebGallery");
+ script_category(ACT_GATHER_INFO);
+ script_family(english:"Service detection");
+ script_copyright(english:"This script is Copyright (C) 2009 Michael Meyer");
+ script_dependencie("find_service.nes", "http_version.nasl");
+ script_require_ports("Services/www", 80);
+ script_exclude_keys("Settings/disable_cgi_scanning");
+ exit(0);
+}
+
+include("http_func.inc");
+include("http_keepalive.inc");
+include("version_func.inc");
+
+port = get_http_port(default:80);
+
+if(!get_port_state(port))exit(0);
+if(!can_host_php(port:port))exit(0);
+
+dirs = make_list("/tinywebgallery","/gallery","/twg",cgi_dirs());
+
+foreach dir (dirs) {
+
+ url = string(dir, "/admin/index.php");
+ req = http_get(item:url, port:port);
+ buf = http_keepalive_send_recv(port:port, data:req, bodyonly:FALSE);
+
+ if( buf == NULL )continue;
+ if(egrep(pattern:"TWG Administration", string: buf) &&
+ egrep(pattern:"TWG Admin [0-9.]+", string: buf))
+ {
+
+ if(strlen(dir)>0) {
+ install=dir;
+ } else {
+ install=string("/");
+ }
+
+ vers = string("unknown");
+
+ version = eregmatch(pattern:"TWG Admin ([0-9.]+)", string:buf);
+
+ if(!isnull(version[1])) {
+ vers = version[1];
+ }
+
+ set_kb_item(name: string("www/", port, "/TinyWebGallery"), value: string(vers," under ",install));
+
+ info = string("None\n\nTinyWebGallery Version '");
+ info += string(vers);
+ info += string("' was detected on the remote host in the following directory(s):\n\n");
+ info += string(install, "\n");
+
+ desc = ereg_replace(
+ string:desc["english"],
+ pattern:"None$",
+ replace:info
+ );
+
+ security_note(port:port,data:desc);
+ exit(0);
+ }
+}
+
+exit(0);
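Review bot: The `exit(0);` inside the `foreach dir (dirs)` loop ends the scan at the first directory that matches, so a host with a second installation under another path is reported and stored in the KB only once, although the message says "directory(s)". If stopping early is intended, say so with a comment above the `set_kb_item` call, such as `# nb: only the first matching install is recorded; the KB key holds a single 'version under dir' value`. Also, `desc = ereg_replace(string:desc["english"], ...)` rebinds `desc` from an array to a string; a separate variable name would read more clearly. realty_web_base_detect.nasl in this commit has the same loop and the same two points.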
Property changes on: trunk/openvas-plugins/scripts/TinyWebGallery_detect.nasl
___________________________________________________________________
Name: svn:keywords
+ ID
Modified: trunk/openvas-plugins/scripts/find_service_3digits.nasl
===================================================================
--- trunk/openvas-plugins/scripts/find_service_3digits.nasl 2009-05-10 12:58:10 UTC (rev 3308)
+++ trunk/openvas-plugins/scripts/find_service_3digits.nasl 2009-05-10 15:01:14 UTC (rev 3309)
@@ -115,6 +115,16 @@
report_service(port: port, svc: 'hylafax', banner: banner);
exit(0);
}
+# nb: this must come before FTP recognition.
+ if(egrep(pattern:"^101", string: banner) &&
+ (egrep(pattern:"[a-zA-Z]+broker", string: banner,icase:TRUE) ||
+ egrep(pattern:"portmapper tcp PORTMAPPER", string:banner)))
+ {
+ # iMQ Broker Rendezvous(imqbrokerd)
+ register_service(port: port, proto: "imqbrokerd");
+ security_note(port:port,data:string("A Message Queue broker is running at this port.\n"));
+ exit(0);
+ }
if ("PORT" >< help || "PASV" >< help)
{
report_service(port:port, svc: 'ftp', banner: banner);
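Review bot: The new branch decides on `^101` plus a loose `[a-zA-Z]+broker` match, and because it exits before the FTP test, any service whose banner begins with those three characters and contains a word ending in "broker" is registered as imqbrokerd. Anchoring the status code with a trailing space, `egrep(pattern:"^101 ", string: banner)`, would at least stop longer numbers from matching; the exact broker banner is not visible here, so please confirm against a real one. The neighbouring branches call `report_service(port:, svc:, banner:)`, while this one uses `register_service` plus `security_note` and drops the banner from the report, so consider using the same helper for consistency. The enclosing block starts and ends outside the hunk.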
Added: trunk/openvas-plugins/scripts/realty_web_base_34886.nasl
===================================================================
--- trunk/openvas-plugins/scripts/realty_web_base_34886.nasl 2009-05-10 12:58:10 UTC (rev 3308)
+++ trunk/openvas-plugins/scripts/realty_web_base_34886.nasl 2009-05-10 15:01:14 UTC (rev 3309)
@@ -0,0 +1,108 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Realty Web-Base 'admin/admin.php' Multiple SQL Injection
+# Vulnerabilities
+#
+# Authors
+# Michael Meyer
+#
+# Copyright:
+# Copyright (c) 2009 Michael Meyer
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if (description)
+{
+ script_id(100195);
+ script_bugtraq_id(34886);
+ script_version ("1.0");
+
+ script_name(english:"Realty Web-Base 'admin/admin.php' Multiple SQL Injection Vulnerabilities");
+ desc["english"] = "
+
+ Overview:
+ Realty Web-Base is prone to multiple SQL-injection vulnerabilities
+ because it fails to sufficiently sanitize user-supplied data before
+ using it in an SQL query.
+
+ Exploiting these issues can allow an attacker to compromise the
+ application, access or modify data, or exploit latent
+ vulnerabilities in the underlying database.
+
+ See also:
+ http://www.securityfocus.com/bid/34886
+
+ Risk factor : Medium";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Determine if Realty Web-Base is vulnerable to SQL Injection");
+ script_category(ACT_GATHER_INFO);
+ script_family(english:"Web application abuses");
+ script_copyright(english:"This script is Copyright (C) 2009 Michael Meyer");
+ script_dependencie("realty_web_base_detect.nasl");
+ script_require_ports("Services/www", 80);
+ script_exclude_keys("Settings/disable_cgi_scanning");
+ exit(0);
+}
+
+include("http_func.inc");
+include("version_func.inc");
+
+port = get_http_port(default:80);
+
+if(!get_port_state(port))exit(0);
+if(!can_host_php(port:port))exit(0);
+
+if(!version = get_kb_item(string("www/", port, "/RealtyWebBase")))exit(0);
+if(!matches = eregmatch(string:version, pattern:"^(.+) under (/.*)$"))exit(0);
+
+vers = matches[1];
+dir = matches[2];
+
+if(!isnull(vers) && vers >!< "unknown") {
+
+ if(version_is_equal(version: vers, test_version: "1.0")) {
+ security_hole(port:port);
+ exit(0);
+ }
+} else {
+
+ variables = string("user=%27%20or%20%271=1&password=%27%20or%20%271=1");
+ filename = string(dir,"/admin/admin.php");
+ host=get_host_name();
+
+ req = string(
+ "POST ", filename, " HTTP/1.1\r\n",
+ "Referer: ","http://", host, filename, "\r\n",
+ "Host: ", host, ":", port, "\r\n",
+ "Content-Type: application/x-www-form-urlencoded\r\n",
+ "Content-Length: ", strlen(variables),
+ "\r\n\r\n",
+ variables
+ );
+
+ result = http_send_recv(port:port, data:req, bodyonly:FALSE);
+ if( result == NULL )exit(0);
+
+ if(egrep(pattern:"Realty Web-Base: Administration Center", string:result)) {
+ security_warning(port);
+ exit(0);
+ }
+
+}
+
+exit(0);
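Review bot: The `else` branch sends a POST to `admin/admin.php` whose `user` and `password` fields carry an injection string, yet the plugin declares `script_category(ACT_GATHER_INFO);`, so it would run in scans that are meant to be passive. It should be declared as `script_category(ACT_ATTACK);` so that scan policies and safe-check settings can exclude it. The success test only looks for the string "Realty Web-Base: Administration Center"; if the login form itself carries that title (not visible here) the check reports a false positive, so matching on something that appears only after login would be safer. Finally, the confirmed case raises `security_warning` while the banner-only case raises `security_hole`, which looks inverted.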
Property changes on: trunk/openvas-plugins/scripts/realty_web_base_34886.nasl
___________________________________________________________________
Name: svn:keywords
+ ID
Added: trunk/openvas-plugins/scripts/realty_web_base_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/realty_web_base_detect.nasl 2009-05-10 12:58:10 UTC (rev 3308)
+++ trunk/openvas-plugins/scripts/realty_web_base_detect.nasl 2009-05-10 15:01:14 UTC (rev 3309)
@@ -0,0 +1,110 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Realty Web-Base Detection
+#
+# Authors
+# Michael Meyer
+#
+# Copyright:
+# Copyright (c) 2009 Michael Meyer
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+ desc["english"] = "
+
+ Overview:
+ Realty Web-Base, a content management and customer communication
+ suite is running at this host.
+
+ See also:
+ http://www.realtywebware.com
+
+ Risk factor : None";
+
+if (description)
+{
+ script_id(100194);
+ script_version ("1.0");
+
+ script_name(english:"Realty Web-Base Detection");
+ script_description(english:desc["english"]);
+ script_summary(english:"Checks for the presence of Realty Web-Base");
+ script_category(ACT_GATHER_INFO);
+ script_family(english:"Service detection");
+ script_copyright(english:"This script is Copyright (C) 2009 Michael Meyer");
+ script_dependencie("find_service.nes", "http_version.nasl");
+ script_require_ports("Services/www", 80);
+ script_exclude_keys("Settings/disable_cgi_scanning");
+ exit(0);
+}
+
+include("http_func.inc");
+include("http_keepalive.inc");
+include("version_func.inc");
+
+port = get_http_port(default:80);
+
+if(!get_port_state(port))exit(0);
+if(!can_host_php(port:port))exit(0);
+
+dirs = make_list("/cms",cgi_dirs());
+
+foreach dir (dirs) {
+
+ url = string(dir, "/admin/index.php");
+ req = http_get(item:url, port:port);
+ buf = http_keepalive_send_recv(port:port, data:req, bodyonly:FALSE);
+
+ if( buf == NULL )continue;
+
+ if(egrep(pattern:"Realty Webware [0-9.]+", string: buf) &&
+ egrep(pattern:"Set-Cookie: owner", string: buf) )
+ {
+
+ if(strlen(dir)>0) {
+ install=dir;
+ } else {
+ install=string("/");
+ }
+
+ vers = string("unknown");
+
+ version = eregmatch(pattern:"Realty Webware ([0-9.]+)", string:buf);
+
+ if(!isnull(version[1])) {
+ vers = version[1];
+ }
+
+ set_kb_item(name: string("www/", port, "/RealtyWebBase"), value: string(vers," under ",install));
+
+ info = string("None\n\nRealty Web-Base Version '");
+ info += string(vers);
+ info += string("' was detected on the remote host in the following directory(s):\n\n");
+ info += string(install, "\n");
+
+ desc = ereg_replace(
+ string:desc["english"],
+ pattern:"None$",
+ replace:info
+ );
+
+ security_note(port:port,data:desc);
+ exit(0);
+ }
+}
+
+exit(0);
Property changes on: trunk/openvas-plugins/scripts/realty_web_base_detect.nasl
___________________________________________________________________
Name: svn:keywords
+ ID
Modified: trunk/openvas-plugins/scripts/remote-detect-Leap_CMS.nasl
===================================================================
--- trunk/openvas-plugins/scripts/remote-detect-Leap_CMS.nasl 2009-05-10 12:58:10 UTC (rev 3308)
+++ trunk/openvas-plugins/scripts/remote-detect-Leap_CMS.nasl 2009-05-10 15:01:14 UTC (rev 3309)
@@ -77,7 +77,6 @@
if(response){
- server = eregmatch(pattern:"Server: ([a-zA-Z]+)/([0-9.]+)",string:response);
vendor = eregmatch(pattern:'Powered by <a href="http://leap.gowondesigns.com/">Leap</a> ([0-9.]+)',string:response, icase:TRUE);
if(vendor){
@@ -86,14 +85,16 @@
set_kb_item(name:"LeapCMS/installed", value:TRUE);
set_kb_item(name:"LeapCMS/port", value:port);
set_kb_item(name:"LeapCMS/version", value:vendor[1]);
- }
- if(server){
+ server = eregmatch(pattern:"Server: ([a-zA-Z]+)/([0-9.]+)",string:response);
+
+ if(server){
- set_kb_item(name:"LeapServer/type", value:server[1]);
- set_kb_item(name:"LeapServer/version", value:server[2]);
- report += " on " + server[0];
- }
+ set_kb_item(name:"LeapServer/type", value:server[1]);
+ set_kb_item(name:"LeapServer/version", value:server[2]);
+ report += " on " + server[0];
+ }
+ }
}
if(report)
security_note(port:port, data:report);
Modified: trunk/openvas-plugins/scripts/secpod_squid_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_squid_detect.nasl 2009-05-10 12:58:10 UTC (rev 3308)
+++ trunk/openvas-plugins/scripts/secpod_squid_detect.nasl 2009-05-10 15:01:14 UTC (rev 3309)
@@ -72,7 +72,7 @@
res = http_recv(socket:soc);
http_close_socket(soc);
-data = egrep(pattern:"^Server: ", string:res);
+data = egrep(pattern:"^Server: squid", string:res);
version = data - "Server: squid/" - '\r\n';
if(version){
set_kb_item(name:"www/" + port + "/Squid", value:version);
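Review bot: The new pattern `^Server: squid` also matches a header without a version, such as a bare `Server: squid`, but the next line still subtracts the literal `Server: squid/`. In that case nothing is removed and the whole header text ends up stored as the Squid version under `www/<port>/Squid`. Matching what the subtraction expects, `data = egrep(pattern:"^Server: squid/", string:res);`, avoids that. The surrounding function is outside the hunk.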