[Openvas-commits] r3368 - in trunk/openvas-plugins: . scripts

scm-commit@wald.intevation.org scm-commit at wald.intevation.org
Thu May 14 12:53:08 CEST 2009 

Author: mime
Date: 2009-05-14 12:53:07 +0200 (Thu, 14 May 2009)
New Revision: 3368

Added:
   trunk/openvas-plugins/scripts/dokeos_34928.nasl
   trunk/openvas-plugins/scripts/zervit_34530.nasl
Modified:
   trunk/openvas-plugins/ChangeLog
Log:
Added new plugins

Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog	2009-05-14 09:06:46 UTC (rev 3367)
+++ trunk/openvas-plugins/ChangeLog	2009-05-14 10:53:07 UTC (rev 3368)
@@ -1,3 +1,8 @@
+2009-05-14 Michael Meyer <mime at gmx.de>
+	* scripts/dokeos_34928.nasl,
+	scripts/zervit_34530.nasl:
+	Added new plugins
+
 2009-05-13 Chandan S <schandan at secpod.com>
 	* scripts/gb_ms_powerpoint_code_exec_vuln.nasl:
 	Modified to reflect MS09-017 Bulletin.

Added: trunk/openvas-plugins/scripts/dokeos_34928.nasl
===================================================================
--- trunk/openvas-plugins/scripts/dokeos_34928.nasl	2009-05-14 09:06:46 UTC (rev 3367)
+++ trunk/openvas-plugins/scripts/dokeos_34928.nasl	2009-05-14 10:53:07 UTC (rev 3368)
@@ -0,0 +1,92 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Dokeos Multiple Remote Input Validation Vulnerabilities
+#
+# Authors
+# Michael Meyer
+#
+# Copyright:
+# Copyright (c) 2009 Michael Meyer
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if (description)
+{
+ script_id(100200);
+ script_bugtraq_id(34928 );
+ script_version ("1.0");
+
+ script_name(english:"Dokeos Multiple Remote Input Validation Vulnerabilities");
+ desc["english"] = "
+
+ Overview:
+  Dokeos is prone to multiple input-validation vulnerabilities, including
+  SQL-injection, HTML-injection, cross-site scripting, and cross-site
+  request-forgery issues.
+
+  Attackers can exploit these issues to execute arbitrary script code
+  in the context of the webserver, compromise the application, obtain
+  sensitive information, steal cookie-based authentication credentials
+  from legitimate users of the site, modify the way the site is
+  rendered, perform certain unauthorized actions in the context of a
+  user, access or modify data, or exploit latent vulnerabilities in
+  the underlying database.
+
+  Dokeos 1.8.5 is affected; prior versions may also be affected. 
+
+ See also:
+  http://www.securityfocus.com/bid/34928
+
+ Risk factor : Medium";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Determine if Dokeos Version == 1.8.5");
+ script_category(ACT_GATHER_INFO);
+ script_family(english:"Web application abuses");
+ script_copyright(english:"This script is Copyright (C) 2009 Michael Meyer");
+ script_dependencie("dokeos_detect.nasl");
+ script_require_ports("Services/www", 80);
+ script_exclude_keys("Settings/disable_cgi_scanning");
+ exit(0);
+}
+
+include("http_func.inc");
+include("http_keepalive.inc");
+include("version_func.inc");
+
+port = get_http_port(default:80);
+
+if(!get_port_state(port))exit(0);
+if(!can_host_php(port:port))exit(0);
+
+if(!version = get_kb_item(string("www/", port, "/dokeos")))exit(0);
+if(!matches = eregmatch(string:version, pattern:"^(.+) under (/.*)$"))exit(0);
+
+vers = matches[1];
+
+if(!isnull(vers) && vers >!< "unknown") {
+
+  if(version_is_equal(version: vers, test_version: "1.8.5")) {
+    
+      security_warning(port:port);
+      exit(0);
+
+ }  
+
+}  
+
+exit(0);


Property changes on: trunk/openvas-plugins/scripts/dokeos_34928.nasl
___________________________________________________________________
Name: svn:keywords
   + ID

Added: trunk/openvas-plugins/scripts/zervit_34530.nasl
===================================================================
--- trunk/openvas-plugins/scripts/zervit_34530.nasl	2009-05-14 09:06:46 UTC (rev 3367)
+++ trunk/openvas-plugins/scripts/zervit_34530.nasl	2009-05-14 10:53:07 UTC (rev 3368)
@@ -0,0 +1,89 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Zervit Webserver multiple vulnerabilities
+#
+# Authors
+# Michael Meyer
+#
+# Copyright:
+# Copyright (c) 2009 Michael Meyer
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if (description)
+{
+ script_id(100199);
+ script_bugtraq_id(34530,34570);
+ script_version ("1.0");
+
+ script_name(english:"Zervit Webserver multiple vulnerabilities");
+ desc["english"] = "
+
+ Overview:
+  According to its version number, the remote version of Zervit HTTP
+  server is prone to a remote buffer-overflow vulnerability and to a
+  directory-traversal vulnerability.
+
+  An attacker can exploit the remote buffer-overflow issue to execute
+  arbitrary code within the context of the affected application.
+  Failed exploit attempts will result in a denial-of-service
+  condition. 
+
+  Exploiting the directory-traversal issue will allow an attacker to
+  view arbitrary local files within the context of the webserver.
+  Information harvested may aid in launching further attacks.
+
+  Zervit 0.2, 0.3 and 0.4 are vulnerable; other versions may also be
+  affected. 
+
+ See also:
+  http://www.securityfocus.com/bid/34530
+  http://www.securityfocus.com/bid/34570
+
+ Risk factor : High";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Determine if Zervit is prone to multiple multiple Vulnerabilities");
+ script_category(ACT_GATHER_INFO);
+ script_family(english:"Web Servers");
+ script_copyright(english:"This script is Copyright (C) 2009 Michael Meyer");
+ script_dependencie("find_service.nes", "http_version.nasl");
+ script_require_ports("Services/www", 80);
+ exit(0);
+}
+
+include("misc_func.inc");
+include("http_func.inc");
+
+port = get_http_port(default:80);
+if(!get_port_state(port)) exit(0);
+if(get_kb_item("Services/www/" + port + "/embedded" ))exit(0);
+
+banner = get_http_banner(port:port);
+if (!banner)exit(0);
+if(!egrep(pattern:"Server: Zervit ([0-9.]+)", string:banner) ) exit(0);
+
+version = eregmatch(pattern: "Zervit ([0-9.]+)", string: banner);
+
+if( version[1] =~ "0.(2|3|4)" ) {
+
+ security_hole(port:port);
+ exit(0);
+
+}  
+
+exit(0);


Property changes on: trunk/openvas-plugins/scripts/zervit_34530.nasl
___________________________________________________________________
Name: svn:keywords
   + ID

More information about the Openvas-commits mailing list