[Openvas-commits] r11398 - in trunk/openvas-plugins: . scripts

scm-commit@wald.intevation.org scm-commit at wald.intevation.org
Fri Aug 5 09:04:24 CEST 2011


Author: veerendragg
Date: 2011-08-05 09:04:20 +0200 (Fri, 05 Aug 2011)
New Revision: 11398

Added:
   trunk/openvas-plugins/scripts/gb_azeotech_daqfactory_dos_vuln.nasl
   trunk/openvas-plugins/scripts/gb_digital_scribe_mult_xss_vuln.nasl
   trunk/openvas-plugins/scripts/gb_ecava_integraxor_mult_xss_vuln_win.nasl
   trunk/openvas-plugins/scripts/gb_google_picasa_jpeg_img_code_exec_vuln_win.nasl
   trunk/openvas-plugins/scripts/gb_ibm_lotus_symphony_detect_lin.nasl
   trunk/openvas-plugins/scripts/gb_ibm_lotus_symphony_detect_win.nasl
   trunk/openvas-plugins/scripts/gb_ibm_lotus_symphony_mult_vuln_lin.nasl
   trunk/openvas-plugins/scripts/gb_ibm_lotus_symphony_mult_vuln_win.nasl
   trunk/openvas-plugins/scripts/gb_ileys_web_control_sql_injection_vuln.nasl
   trunk/openvas-plugins/scripts/gb_joomla_com_astra_sql_inj_vuln.nasl
   trunk/openvas-plugins/scripts/gb_joomla_com_xeslidegalf_sql_inj_vuln.nasl
Modified:
   trunk/openvas-plugins/ChangeLog
   trunk/openvas-plugins/scripts/gb_google_picasa_detect_win.nasl
Log:
Added new plugins. Updated to detect new version with build.

Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog	2011-08-04 17:02:12 UTC (rev 11397)
+++ trunk/openvas-plugins/ChangeLog	2011-08-05 07:04:20 UTC (rev 11398)
@@ -1,3 +1,21 @@
+2011-08-05  Veerendra G.G <veerendragg at secpod.com>
+
+	* scripts/gb_ecava_integraxor_mult_xss_vuln_win.nasl,
+	scripts/gb_ibm_lotus_symphony_detect_lin.nasl,
+	scripts/gb_joomla_com_xeslidegalf_sql_inj_vuln.nasl,
+	scripts/gb_ibm_lotus_symphony_mult_vuln_win.nasl,
+	scripts/gb_google_picasa_jpeg_img_code_exec_vuln_win.nasl,
+	scripts/gb_ibm_lotus_symphony_detect_win.nasl,
+	scripts/gb_ileys_web_control_sql_injection_vuln.nasl,
+	scripts/gb_joomla_com_astra_sql_inj_vuln.nasl,
+	scripts/gb_azeotech_daqfactory_dos_vuln.nasl,
+	scripts/gb_digital_scribe_mult_xss_vuln.nasl,
+	scripts/gb_ibm_lotus_symphony_mult_vuln_lin.nasl:
+	Added new plugins.
+
+	* scripts/gb_google_picasa_detect_win.nasl:
+	Updated to detect new version with build.
+
 2011-08-04  Veerendra G.G <veerendragg at secpod.com>
 
 	* scripts/secpod_chyrp_mult_dir_trav_vuln.nasl,

Added: trunk/openvas-plugins/scripts/gb_azeotech_daqfactory_dos_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_azeotech_daqfactory_dos_vuln.nasl	2011-08-04 17:02:12 UTC (rev 11397)
+++ trunk/openvas-plugins/scripts/gb_azeotech_daqfactory_dos_vuln.nasl	2011-08-05 07:04:20 UTC (rev 11398)
@@ -0,0 +1,96 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_azeotech_daqfactory_dos_vuln.nasl 16421 2011-08-03 10:50:24Z aug $
+#
+# AzeoTech DAQFactory Denial of Service Vulnerability
+#
+# Authors:
+# Madhuri D <dmadhuri at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(802129);
+  script_version("$Revision: 1.0$");
+  script_cve_id("CVE-2011-2956");
+  script_tag(name:"cvss_base", value:"7.8");
+  script_tag(name:"risk_factor", value:"High");
+  script_name("AzeoTech DAQFactory Denial of Service Vulnerability");
+  desc = "
+  Overview: This host is installed with AzeoTech DAQFactory and is prone to
+  denial of service vulnerability.
+
+  Vulnerability Insight:
+  The flaw exists due to error in application, which fails to perform
+  authentication for certain signals.
+
+  Impact:
+  Successful exploitation will allow remote attackers to cause a denial of
+  service (system reboot or shutdown).
+
+  Impact Level: Application.
+
+  Affected Software :
+  AzeoTech DAQFactory version prior to 5.85 Build 1842
+
+  Fix: Upgrade to the AzeoTech DAQFactory version 5.85 Build 1842 or later
+  For updates refer, http://www.azeotech.com/downloads.php
+
+  References:
+  http://osvdb.org/show/osvdb/73390
+  http://www.us-cert.gov/control_systems/pdf/ICSA-11-122-01.pdf ";
+
+  script_description(desc);
+  script_summary("Check for the version of AzeoTech DAQFactory");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+  script_family("Denial of Service");
+  script_dependencies("secpod_reg_enum.nasl");
+  script_require_keys("SMB/WindowsVersion");
+  exit(0);
+}
+
+
+include("smb_nt.inc");
+include("version_func.inc");
+include("secpod_smb_func.inc");
+
+if(!get_kb_item("SMB/WindowsVersion")){
+  exit(0);
+}
+
+if(!registry_key_exists(key:"SOFTWARE\DAQFactoryExpress")){
+  exit(0);
+}
+
+## Get the installation path from registry
+azPath = registry_get_sz(key:"SOFTWARE\DAQFactoryExpress",
+                                      item:"Installation Path");
+if(azPath != NULL)
+{
+  azVer = fetch_file_version(sysPath:azPath,
+                               file_name:"DAQFactoryExpress.exe");
+  if(azVer =! NULL)
+  {
+    ## Check for version less than 5.85 Build 1842 => 5.85.1842.0
+    if(version_is_less(version:azVer, test_version:"5.85.1842.0")){
+      security_hole(0);
+    }
+  }
+}
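Review bot: The guard `if(azVer =! NULL)` near the end of the script is written with `=!` instead of `!=`, so it appears to assign the negation of NULL to `azVer` rather than test it. If NASL parses it that way, the file version returned by `fetch_file_version` is overwritten before `version_is_less` runs and the verdict no longer depends on the installed build, which would give false positives or false negatives on every host that has the registry key. The line should read `if(azVer != NULL)`, or `if(!isnull(azVer))` as the Picasa detector in this commit does. The lookup also covers only `SOFTWARE\DAQFactoryExpress`, so a comment stating whether other DAQFactory editions are intentionally out of scope would help.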


Property changes on: trunk/openvas-plugins/scripts/gb_azeotech_daqfactory_dos_vuln.nasl
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/openvas-plugins/scripts/gb_digital_scribe_mult_xss_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_digital_scribe_mult_xss_vuln.nasl	2011-08-04 17:02:12 UTC (rev 11397)
+++ trunk/openvas-plugins/scripts/gb_digital_scribe_mult_xss_vuln.nasl	2011-08-05 07:04:20 UTC (rev 11398)
@@ -0,0 +1,113 @@
+##############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_digital_scribe_mult_xss_vuln.nasl 16405 2011-08-01 13:53:29 aug $
+#
+# Digital Scribe Multiple Cross Site Scripting Vulnerabilities
+#
+# Authors:
+# Madhuri D <dmadhuri at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+################################i###############################################
+
+if(description)
+{
+  script_id(802128);
+  script_version("$Revision: 1.0$");
+  script_bugtraq_id(48945);
+  script_tag(name:"cvss_base", value:"6.8");
+  script_tag(name:"risk_factor", value:"High");
+  script_name("Digital Scribe Multiple Cross Site Scripting Vulnerabilities");
+  desc = "
+  Overview: This host is running Digital Scribe and is prone to multiple cross
+  site scripting vulnerabilities.
+
+  Vulnerability Insight:
+  The flaws are caused due to inputs passed through POST parameters 'title',
+  'last' and 'email' in 'register.php' are not sanitized before being returned
+  to the user.
+
+  Impact:
+  Successful exploitation will let the attacker to execute HTML code into
+  user's browser session in the context of an affected site.
+
+  Impact Level: Application.
+
+  Affected Software/OS:
+  Digital Scribe version 1.5
+
+  Fix: No solution or patch is available as on 1st Aug 2011. Information
+  regarding this issue will be updated once the solution details are available.
+  For updates refer, http://www.digital-scribe.org/
+
+  References:
+  http://secunia.com/advisories/37715/
+  http://www.exploit-db.com/exploits/17590/
+  http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5030.php ";
+
+  script_description(desc);
+  script_summary("Check if Digital Scribe is prone to XSS");
+  script_category(ACT_ATTACK);
+  script_copyright("Copyright (C) 2011 Greenbone Networks GmbH");
+  script_family("Web application abuses");
+  script_require_ports("Services/www", 80);
+  exit(0);
+}
+
+
+include("http_func.inc");
+include("http_keepalive.inc");
+
+## Get HTTP Port
+dsPort = get_http_port(default:80);
+if(!dsPort){
+  exit(0);
+}
+
+## Check Host Supports PHP
+if(!can_host_php(port:dsPort)) {
+  exit(0);
+}
+
+foreach path (make_list("/DigitalScribe", "/digitalscribe", cgi_dirs()))
+{
+  ## Send and receive response
+  sndReq = http_get(item:string(path, "/index.php"), port:dsPort);
+  rcvRes = http_send_recv(port:dsPort, data:sndReq);
+
+  ## Confirm the application
+  if("<TITLE>Digital Scribe</TITLE>" >< rcvRes)
+  {
+    ## Try an exploit
+    exp = 'title="><script>alert("XSS")</script>&last="><script>alert("XSS")' +
+           '</script>&passuno=&passuno2=&email=&action=4&Submit=Register';
+
+    req = string("POST ", path, "/register.php HTTP/1.1\r\n",
+                 "Host: ",get_host_ip(),"\r\n",
+                 "Content-Type: application/x-www-form-urlencoded\r\n",
+                 "Content-Length: ", strlen(exp), "\r\n\r\n",
+                 exp);
+    res = http_keepalive_send_recv(port:dsPort, data:req);
+
+    ## Check the response to confirm vulnerability
+    if('><script>alert("XSS")</script>' >< res)
+    {
+      security_hole(dsPort);
+      exit(0);
+    }
+  }
+}
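Review bot: The hand-built POST request sets `Host:` from `get_host_ip()`, so on a name-based virtual host it can reach a different site than the one the earlier `http_get` probe identified (which presumably sends the host name), and the check then misses the application. Using `"Host: ", get_host_name(), "\r\n",` keeps both requests aimed at the same site. `risk_factor` is "High" with `cvss_base` 6.8, while the other scripts in this commit pair 4.3 with Medium and 7.8 with High, so one of the two tags probably needs adjusting. The closing `#` banner line before `if(description)` also contains a stray `i`.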

Added: trunk/openvas-plugins/scripts/gb_ecava_integraxor_mult_xss_vuln_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_ecava_integraxor_mult_xss_vuln_win.nasl	2011-08-04 17:02:12 UTC (rev 11397)
+++ trunk/openvas-plugins/scripts/gb_ecava_integraxor_mult_xss_vuln_win.nasl	2011-08-05 07:04:20 UTC (rev 11398)
@@ -0,0 +1,103 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_ecava_integraxor_mult_xss_vuln_win.nasl 16423 2011-08-03 13:15:50Z aug $
+#
+# Ecava IntegraXor Multiple Cross-Site Scripting Vulnerabilities (Windows)
+#
+# Authors:
+# Rachana Shetty <srachana at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(802314);
+  script_version("$Revision: 1.0$");
+  script_cve_id("CVE-2011-2958");
+  script_bugtraq_id(48958);
+  script_tag(name:"cvss_base", value:"4.3");
+  script_tag(name:"risk_factor", value:"Medium");
+  script_name("Ecava IntegraXor Multiple Cross-Site Scripting Vulnerabilities (Windows)");
+  desc = "
+  Overview: This host is installed with Ecava IntegraXor and is prone to cross
+  site scripting vulnerabilities.
+
+  Vulnerability Insight:
+  The flaws are caused by improper validation of user-supplied input passed via
+  unspecified vectors, which allows attackers to execute arbitrary HTML and
+  script code on the web server.
+
+  Impact:
+  Successful exploitation will let the attacker to execute arbitrary HTML and
+  script code in a user's browser session in the context of a vulnerable site.
+  This may allow an attacker to steal cookie-based authentications and launch
+  further attacks.
+
+  Impact Level: Application
+
+  Affected Software/OS:
+  Ecava IntegraXor versions prior to 3.60 (Build 4080).
+
+  Fix: Upgrade to the Ecava IntegraXor version 3.60 (Build 4080) or later,
+  For updates refer, http://www.ecava.com/index.htm
+
+  References:
+  http://xforce.iss.net/xforce/xfdb/68896
+  http://www.us-cert.gov/control_systems/pdf/ICSA-11-147-02.pdf";
+
+  script_description(desc);
+  script_summary("Check for the version of Ecava IntegraXor");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2011 Greenbone Networks GmbH");
+  script_family("Web Servers");
+  script_dependencies("secpod_reg_enum.nasl");
+  script_require_keys("SMB/WindowsVersion");
+  exit(0);
+}
+
+
+include("smb_nt.inc");
+include("version_func.inc");
+include("secpod_smb_func.inc");
+
+if(!get_kb_item("SMB/WindowsVersion")){
+  exit(0);
+}
+
+key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\";
+
+foreach item (registry_enum_keys(key:key))
+{
+  ecavaigName = registry_get_sz(key:key + item, item:"DisplayName");
+
+  ## Check the name of the application
+  if("IntegraXor" >< ecavaigName)
+  {
+    ## Check for the version
+    ecavaigVer = registry_get_sz(key:key + item, item:"DisplayVersion");
+    if(ecavaigVer != NULL)
+    {
+      ## Check for Ecava IntegraXor Version less than 3.60 (Build 4080)
+      if(version_is_less(version:ecavaigVer, test_version:"3.60.4080"))
+      {
+        security_hole(0);
+        exit(0);
+      }
+    }
+  }
+}
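Review bot: The loop enumerates only `SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\`, so on 64-bit Windows a 32-bit installation registered under the `Wow6432Node` branch would presumably not be seen and a vulnerable host would go unreported; gb_ibm_lotus_symphony_detect_win.nasl in this commit uses the same enumeration. Consider iterating over both locations, e.g. `foreach key (make_list("SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\", "SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\"))`. The comparison against `"3.60.4080"` assumes `DisplayVersion` carries the build number; a comment with a sample registry value would make that verifiable. The Vulnerability Insight text says the script code executes "on the web server", which contradicts the Impact paragraph; for XSS it should say "in a user's browser session".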

Modified: trunk/openvas-plugins/scripts/gb_google_picasa_detect_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_google_picasa_detect_win.nasl	2011-08-04 17:02:12 UTC (rev 11397)
+++ trunk/openvas-plugins/scripts/gb_google_picasa_detect_win.nasl	2011-08-05 07:04:20 UTC (rev 11398)
@@ -7,6 +7,9 @@
 # Authors:
 # Madhuri D <dmadhuri at secpod.com>
 #
+# Updated By: Rachana Shetty <srachana at secpod.com> on 2011-08-02
+#  - Updated to detect build version from .exe file.
+#
 # Copyright:
 # Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
 #
@@ -46,6 +49,7 @@
 
 
 include("smb_nt.inc");
+include("version_func.inc");
 include("secpod_smb_func.inc");
 
 if(!get_kb_item("SMB/WindowsVersion")){
@@ -65,14 +69,22 @@
   ## Check the name of the application
   if("Picasa" >< picName)
   {
-    ## Check for the version
-    picVer = registry_get_sz(key:key + item, item:"DisplayVersion");
-    if(picVer != NULL)
+    ## Check for the install path
+    picPath = registry_get_sz(key:key + item, item:"UninstallString");
+    if(!isnull(picPath))
     {
-      ## Set the KB item
-      set_kb_item(name:"Google/Picasa/Win/Ver", value:picVer);
-      security_note(data:"Google Picasa version " + picVer +
+      picPath = ereg_replace(pattern:'"', replace:"", string:picPath);
+      picPath = picPath - "\Uninstall.exe";
+
+      ## Check for moviethumb (original picasa.exe) file version
+      picVer = fetch_file_version(sysPath:picPath, file_name:"moviethumb.exe");
+      if(!isnull(picVer))
+      {
+        ## Set the KB item
+        set_kb_item(name:"Google/Picasa/Win/Ver", value:picVer);
+        security_note(data:"Google Picasa version " + picVer +
                          " was detected on the host");
+      }
     }
   }
 }
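Review bot: The install path is derived with `picPath - "\Uninstall.exe"`, an exact string subtraction, so an `UninstallString` with different casing or trailing arguments leaves the path unchanged and `fetch_file_version` finds no file. Because the `DisplayVersion` lookup was removed, that failure is silent: `Google/Picasa/Win/Ver` is never set and the vulnerability check that requires this key is skipped, which reads as a clean host. A tolerant strip such as `picPath = ereg_replace(pattern:"\\Uninstall\.exe.*$", replace:"", string:picPath, icase:TRUE);` would be more robust. The comment `moviethumb (original picasa.exe)` should explain why that file carries the product build; the enclosing `foreach` loop starts outside the hunk.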

Added: trunk/openvas-plugins/scripts/gb_google_picasa_jpeg_img_code_exec_vuln_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_google_picasa_jpeg_img_code_exec_vuln_win.nasl	2011-08-04 17:02:12 UTC (rev 11397)
+++ trunk/openvas-plugins/scripts/gb_google_picasa_jpeg_img_code_exec_vuln_win.nasl	2011-08-05 07:04:20 UTC (rev 11398)
@@ -0,0 +1,84 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_google_picasa_jpeg_img_code_exec_vuln_win.nasl 16420 2011-08-02 16:50:50Z aug $
+#
+# Google Picasa JPEG Image Processing Remote Code Execution Vulnerability (Windows)
+#
+# Authors:
+# Rachana Shetty <srachana at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(802313);
+  script_version("$Revision: 1.0$");
+  script_cve_id("CVE-2011-2747");
+  script_bugtraq_id(48725);
+  script_tag(name:"cvss_base", value:"9.3");
+  script_tag(name:"risk_factor", value:"Critical");
+  script_name("Google Picasa JPEG Image Processing Remote Code Execution Vulnerability (Windows)");
+  desc = "
+  Overview: This host is installed with google picasa and is prone to remote
+  code execution vulnerability.
+
+  Vulnerability Insight:
+  The flaw is caused due to an unspecified error, when handling certain
+  properties of an image file and can be exploited via a specially crafted
+  JPEG image.
+
+  Impact:
+  Successful exploitation could allow remote attackers to execute arbitrary
+  code or cause a denial of service condition.
+
+  Impact Level: System/Application
+
+  Affected Software/OS:
+  Google Picasa versions prior to 3.6 build 105.67
+
+  Fix: Upgrade to the Google Picasa 3.6 build 105.67 or later,
+  For updates refer, http://picasa.google.com/thanks.html
+
+  References:
+  http://secunia.com/advisories/45293
+  http://www.microsoft.com/technet/security/advisory/msvr11-008.mspx
+  http://picasa.google.com/support/bin/static.py?hl=en&page=release_notes.cs&from=53209&rd=1 ";
+
+  script_description(desc);
+  script_summary("Check for the version of Google Picasa");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2011 Greenbone Networks GmbH");
+  script_family("General");
+  script_dependencies("gb_google_picasa_detect_win.nasl");
+  script_require_keys("Google/Picasa/Win/Ver");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+## Get the version from KB
+picVer = get_kb_item("Google/Picasa/Win/Ver");
+if(!picVer){
+  exit(0);
+}
+
+## Check for Google Chrome Version less than 3.6 build 105.67
+if(version_is_less(version:picVer, test_version:"3.6.105.67")){
+  security_hole(0);
+}
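Review bot: The comment above the comparison reads `## Check for Google Chrome Version less than 3.6 build 105.67`, a copy-paste leftover in a Picasa check; it should be `## Check for Google Picasa version less than 3.6 build 105.67`. The value in `Google/Picasa/Win/Ver` is now the file version of `moviethumb.exe`, set by the detector changed in this commit, so a one-line comment stating that this file version follows the same `3.6.105.67` numbering as the product build would make the threshold verifiable.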

Added: trunk/openvas-plugins/scripts/gb_ibm_lotus_symphony_detect_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_ibm_lotus_symphony_detect_lin.nasl	2011-08-04 17:02:12 UTC (rev 11397)
+++ trunk/openvas-plugins/scripts/gb_ibm_lotus_symphony_detect_lin.nasl	2011-08-05 07:04:20 UTC (rev 11398)
@@ -0,0 +1,102 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_ibm_lotus_symphony_detect_lin.nasl 16377 2011-08-03 12:12:12Z aug $
+#
+# IBM Lotus Symphony Version Detection (Linux)
+#
+# Authors:
+# Sooraj KS <kssooraj at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(802230);
+  script_version("$Revision: 1.0$");
+  script_tag(name:"risk_factor", value:"None");
+  script_name("IBM Lotus Symphony Version Detection (Linux)");
+  desc = "
+  Overview: This script finds the installed IBM Lotus Symphony version and
+  saves the result in KB.";
+
+  script_description(desc);
+  script_summary("Set the version of IBM Lotus Symphony in KB");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+  script_family("Service detection");
+  exit(0);
+}
+
+
+include("ssh_func.inc");
+include("version_func.inc");
+
+## Connecting...
+sock = ssh_login_or_reuse_connection();
+if(!sock){
+  exit(0);
+}
+
+## Confirm Linux, as SSH can be installed on Windows as well
+result = ssh_cmd(socket:sock, cmd:"uname");
+if("Linux" >!< result){
+  exit(0);
+}
+
+## Read "about.mappings" File
+cmd = "find / -name about.mappings -type f";
+paths = split(ssh_cmd(socket:sock, cmd: cmd, timeout:60));
+if(paths != NULL)
+{
+  foreach path (paths)
+  {
+    ## Confirm Symphony Path
+    if("com.ibm.symphony" >< path) {
+      file = ssh_cmd(socket:sock, cmd: "cat " + path);
+    }
+  }
+}
+
+ssh_close_connection();
+
+## Confirm Symphony File
+if(isnull(file) || "Symphony" >!< file){
+  exit(0);
+}
+
+## Get Version
+foreach line(split(file))
+{
+  version = eregmatch(pattern:"1=([0-9.]+).?([a-zA-Z0-9]+)?", string:line);
+  if(version[1] != NULL)
+  {
+    symVer = version[1];
+    if(version[2] != NULL) {
+      symVer = version[1] + "." + version[2];
+    }
+    break;
+  }
+}
+
+if(symVer)
+{
+  ## Set Symphony Version in KB
+  set_kb_item(name:"IBM/Lotus/Symphony/Lin/Ver", value:symVer);
+  security_note(data:"IBM Lotus Symphony version " + symVer +
+                     " was detected on the host");
+}
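Review bot: Each line of `find` output is appended unquoted to a shell command in `ssh_cmd(socket:sock, cmd: "cat " + path)`, so file names that exist on the scanned host are interpreted by the shell of the scan account; a path containing shell metacharacters would be run as a command in that authenticated session. The value should be stripped of its line ending and rejected unless it is a plain path, e.g. `path = chomp(path);` followed by `if(path !~ "^[A-Za-z0-9_./-]+$") continue;`, and then passed quoted as `cmd:"cat '" + path + "'"`. `find /` also walks every mounted filesystem within a 60-second timeout, so restricting it (`-xdev`, or known install prefixes) would make the check cheaper and more predictable. When several files match, only the last one read is kept in `file`, which deserves a `break` or a comment.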

Added: trunk/openvas-plugins/scripts/gb_ibm_lotus_symphony_detect_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_ibm_lotus_symphony_detect_win.nasl	2011-08-04 17:02:12 UTC (rev 11397)
+++ trunk/openvas-plugins/scripts/gb_ibm_lotus_symphony_detect_win.nasl	2011-08-05 07:04:20 UTC (rev 11398)
@@ -0,0 +1,79 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_ibm_lotus_symphony_detect_win.nasl 16377 2011-08-03 10:10:10Z aug $
+#
+# IBM Lotus Symphony Version Detection (Windows)
+#
+# Authors:
+# Sooraj KS <kssooraj at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(802226);
+  script_version("$Revision: 1.0$");
+  script_tag(name:"risk_factor", value:"None");
+  script_name("IBM Lotus Symphony Version Detection (Windows)");
+  desc = "
+  Overview: This script finds the installed IBM Lotus Symphony version and
+  saves the result in KB. ";
+
+  script_description(desc);
+  script_summary("Set the Version of IBM Lotus Symphony in KB");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2011 Greenbone Networks GmbH");
+  script_family("Service detection");
+  script_dependencies("secpod_reg_enum.nasl");
+  script_require_keys("SMB/WindowsVersion");
+  script_require_ports(139, 445);
+  exit(0);
+}
+
+
+include("smb_nt.inc");
+include("secpod_smb_func.inc");
+
+## Confirm Windows
+if(!get_kb_item("SMB/WindowsVersion")){
+  exit(0);
+}
+
+## Confirm IBM Lotus Symphony
+if(!registry_key_exists(key:"SOFTWARE\Lotus\Symphony")){
+  exit(0);
+}
+
+key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\";
+
+## Get Version From Registry
+foreach item (registry_enum_keys(key:key))
+{
+  name = registry_get_sz(key:key + item, item:"DisplayName");
+  if("IBM Lotus Symphony" >< name)
+  {
+    version = registry_get_sz(key:key + item, item:"DisplayVersion");
+    if(version)
+    {
+      ## Set IBM Lotus Symphony Version in KB
+      set_kb_item(name:"IBM/Lotus/Symphony/Win/Ver", value:version);
+      security_note(data:"IBM Lotus Symphony " + version +
+                         " was detected on the host");
+    }
+  }
+}
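Review bot: The loop keeps running after a match and calls `set_kb_item` for every Uninstall entry whose `DisplayName` contains "IBM Lotus Symphony", so a host with more than one such entry ends up with several values under `IBM/Lotus/Symphony/Win/Ver` and one `security_note` per entry. If a single version is intended, leave the loop after the first hit with `exit(0);` after `security_note`, as the IntegraXor check in this commit does after reporting; otherwise add a comment saying multiple values are expected and how the dependent check handles them.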

Added: trunk/openvas-plugins/scripts/gb_ibm_lotus_symphony_mult_vuln_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_ibm_lotus_symphony_mult_vuln_lin.nasl	2011-08-04 17:02:12 UTC (rev 11397)
+++ trunk/openvas-plugins/scripts/gb_ibm_lotus_symphony_mult_vuln_lin.nasl	2011-08-05 07:04:20 UTC (rev 11398)
@@ -0,0 +1,91 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_ibm_lotus_symphony_mult_vuln_lin.nasl 16377 2011-08-03 14:14:14Z aug $
+#
+# IBM Lotus Symphony Multiple Vulnerabilities (Linux)
+#
+# Authors:
+# Sooraj KS <kssooraj at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(802229);
+  script_version("$Revision: 1.0$");
+  script_cve_id("CVE-2011-2884", "CVE-2011-2885", "CVE-2011-2886",
+                "CVE-2011-2887", "CVE-2011-2888", "CVE-2011-2893");
+  script_bugtraq_id(48936);
+  script_tag(name:"cvss_base", value:"10.0");
+  script_tag(name:"risk_factor", value:"Critical");
+  script_name("IBM Lotus Symphony Multiple Vulnerabilities (Linux)");
+  desc = "
+  Overview: This host is installed with IBM Lotus Symphony and is prone to
+  multiple unspecified vulnerabilities.
+
+  Vulnerability Insight:
+  Multiple flaws are caused due to unspecified errors related to,
+  - critical security vulnerability issues.
+  - sample .doc document that incorporates a user-defined toolbar.
+  - a .docx document with empty bullet styles for parent bullets.
+  - a certain sample document.
+  - complex graphics in a presentation.
+  - a large .xls spreadsheet with an invalid Value reference.
+
+  Impact:
+  Successful exploitation will let the attacker to cause a denial of service.
+
+  Impact Level: Application
+
+  Affected Software/OS:
+  IBM Lotus Symphony Version 3 before FP3.
+
+  Fix: Upgrade to IBM Lotus Symphony version 3 FP3 or later,
+  For updates refer, http://www.ibm.com/software/lotus/symphony/home.nsf/home
+
+  References:
+  http://osvdb.org/73988
+  http://secunia.com/advisories/45271
+  https://www-304.ibm.com/support/docview.wss?uid=swg21505448
+  http://www-03.ibm.com/software/lotus/symphony/idcontents/releasenotes/en/readme_fixpack3_standalone_long.htm
+  https://www-304.ibm.com/jct03001c/software/lotus/symphony/idcontents/releasenotes/en/readme_embedded_in_fixpack3_long.htm
+  http://www-03.ibm.com/software/lotus/symphony/buzz.nsf/web_DisPlayPlugin?open&unid=9717F6F587AAA939852578D300404BCF&category=announcements
+  ";
+
+  script_description(desc);
+  script_summary("Check for the version of IBM Lotus Symphony");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2011 Greenbone Networks GmbH");
+  script_family("General");
+  script_dependencies("gb_ibm_lotus_symphony_detect_lin.nasl");
+  script_require_keys("IBM/Lotus/Symphony/Lin/Ver");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+## Get version from KB
+version = get_kb_item("IBM/Lotus/Symphony/Lin/Ver");
+if(version =~ "^3\..*")
+{
+  ## Check for IBM Lotus Symphony Version 3 before FP3
+  if(version_is_less(version:version, test_version:"3.0.0.FP3")){
+    security_hole(0);
+  }
+}
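Review bot: The threshold `test_version:"3.0.0.FP3"` contains a non-numeric component, and this script does not show how `version_is_less` orders a value such as `FP2` or a plain build string against `FP3`. The outcome depends on how version_func.inc compares alphabetic parts and on the exact string the Linux detector assembles from about.mappings. A comment giving a sample detected value for a pre-FP3 and an FP3 installation, with the expected comparison result, would make the check verifiable. The Impact paragraph names only denial of service while `cvss_base` is 10.0 with `risk_factor` Critical, so one of the two probably needs adjusting.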

Added: trunk/openvas-plugins/scripts/gb_ibm_lotus_symphony_mult_vuln_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_ibm_lotus_symphony_mult_vuln_win.nasl	2011-08-04 17:02:12 UTC (rev 11397)
+++ trunk/openvas-plugins/scripts/gb_ibm_lotus_symphony_mult_vuln_win.nasl	2011-08-05 07:04:20 UTC (rev 11398)
@@ -0,0 +1,94 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_ibm_lotus_symphony_mult_vuln_win.nasl 16377 2011-08-03 11:11:11Z aug $
+#
+# IBM Lotus Symphony Multiple Vulnerabilities (Windows)
+#
+# Authors:
+# Sooraj KS <kssooraj at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(802227);
+  script_version("$Revision: 1.0$");
+  script_cve_id("CVE-2011-2884", "CVE-2011-2885", "CVE-2011-2886",
+                "CVE-2011-2888", "CVE-2011-2893");
+  script_bugtraq_id(48936);
+  script_tag(name:"cvss_base", value:"10.0");
+  script_tag(name:"risk_factor", value:"Critical");
+  script_name("IBM Lotus Symphony Multiple Vulnerabilities (Windows)");
+  desc = "
+  Overview: This host is installed with IBM Lotus Symphony and is prone to
+  multiple unspecified vulnerabilities.
+
+  Vulnerability Insight:
+  Multiple flaws are caused due to unspecified errors related to,
+  - critical security vulnerability issues.
+  - sample .doc document that incorporates a user-defined toolbar.
+  - a .docx document with empty bullet styles for parent bullets.
+  - complex graphics in a presentation.
+  - a large .xls spreadsheet with an invalid Value reference.
+
+  Impact:
+  Successful exploitation will let the attacker to cause a denial of service.
+
+  Impact Level: Application
+
+  Affected Software/OS:
+  IBM Lotus Symphony Version 3 before FP3.
+
+  Fix: Upgrade to IBM Lotus Symphony version 3 FP3 or later,
+  For updates refer, http://www.ibm.com/software/lotus/symphony/home.nsf/home
+
+  *****
+  NOTE: Ignore this warning, if above mentioned patch is already applied.
+  *****
+
+  References:
+  http://osvdb.org/73988
+  http://secunia.com/advisories/45271
+  https://www-304.ibm.com/support/docview.wss?uid=swg21505448
+  http://www-03.ibm.com/software/lotus/symphony/idcontents/releasenotes/en/readme_fixpack3_standalone_long.htm
+  https://www-304.ibm.com/jct03001c/software/lotus/symphony/idcontents/releasenotes/en/readme_embedded_in_fixpack3_long.htm
+  http://www-03.ibm.com/software/lotus/symphony/buzz.nsf/web_DisPlayPlugin?open&unid=9717F6F587AAA939852578D300404BCF&category=announcements
+  ";
+
+  script_description(desc);
+  script_summary("Check for the version of IBM Lotus Symphony");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2011 Greenbone Networks GmbH");
+  script_family("General");
+  script_dependencies("gb_ibm_lotus_symphony_detect_win.nasl");
+  script_require_keys("IBM/Lotus/Symphony/Win/Ver");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+## Get version from KB
+version = get_kb_item("IBM/Lotus/Symphony/Win/Ver");
+if(version =~ "^3\..*")
+{
+  ## Check for IBM Lotus Symphony Version 3 FP2 and prior.
+  if(version_is_less_equal(version:version, test_version:"3.0.10289")){
+    security_hole(0);
+  }
+}
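Review bot: The Impact paragraph in `desc` says only that an attacker can cause a denial of service, yet the same block sets `cvss_base` to `10.0` and `risk_factor` to `Critical`, so a reader triaging the finding is given two different severities. If the referenced advisories support the score, the Impact text should state the worse outcome; otherwise the score should be lowered to match. In the version check, `3.0.10289` is an unexplained build number; a comment such as `## 3.0.10289 is assumed to be the last build before FP3 - confirm against the release notes` would let the next maintainer verify the boundary. The partly visible Linux variant above compares against `3.0.0.FP3` with `version_is_less` instead, so it is worth documenting why the two boundaries are expressed differently.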

Added: trunk/openvas-plugins/scripts/gb_ileys_web_control_sql_injection_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_ileys_web_control_sql_injection_vuln.nasl	2011-08-04 17:02:12 UTC (rev 11397)
+++ trunk/openvas-plugins/scripts/gb_ileys_web_control_sql_injection_vuln.nasl	2011-08-05 07:04:20 UTC (rev 11398)
@@ -0,0 +1,105 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_ileys_web_control_sql_injection_vuln.nasl 16336 2011-08-04 11:15:15Z aug $
+#
+# Ileys Web Control SQL Injection Vulnerability
+#
+# Authors:
+# Rachana Shetty <srachana at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(802315);
+  script_version("$Revision: 1.0$");
+  script_tag(name:"cvss_base", value:"7.5");
+  script_tag(name:"risk_factor", value:"High");
+  script_name("Ileys Web Control SQL Injection Vulnerability");
+  desc = "
+  Overview: This host is running Ileys Web Control and is prone to sql
+  injection vulnerability.
+
+  Vulnerability Insight:
+  The flaw is caused by improper validation of user-supplied input passed via
+  the 'id' parameter in 'view.php', which allows attacker to manipulate SQL
+  queries by injecting arbitrary SQL code.
+
+  Impact:
+  Successful exploitation will let the attacker to cause SQL injection attack
+  and gain sensitive information.
+
+  Impact Level: Application
+
+  Affected Software/OS:
+  Ileys Web Control version 2.0
+
+  Fix: No solution or patch is available as on 04th August, 2011. Information
+  regarding this issue will be updated once the solution details are available.
+  For updates refer, http://ileystechnology.com/index.php
+
+  References:
+  http://cryptr.org/printthread.php?tid=2278
+  http://packetstormsecurity.org/files/view/103372/ileys-sql.txt";
+
+  script_description(desc);
+  script_summary("Check if Ileys Web Control is prone to SQL injection vulnerability");
+  script_category(ACT_ATTACK);
+  script_copyright("Copyright (C) 2011 Greenbone Networks GmbH");
+  script_family("Web application abuses");
+  script_require_ports("Services/www", 80);
+  exit(0);
+}
+
+
+include("http_func.inc");
+include("version_func.inc");
+include("http_keepalive.inc");
+
+## Get HTTP Port
+port = get_http_port(default:80);
+if(!get_port_state(port)) {
+  exit(0);
+}
+
+## Check Host Supports PHP
+if(!can_host_php(port:port)) {
+  exit(0);
+}
+
+foreach dir(make_list("", "/ileys", "/admin", cgi_dirs()))
+{
+  ## Send and Receive the response
+  sndReq = http_get (item: string(dir, "/index.php"), port:port);
+  rcvRes = http_keepalive_send_recv(port:port,data:sndReq);
+
+  ## Confirm the application
+  if("Powered by:" >< rcvRes && "Ileys Web Control" >< rcvRes)
+  {
+    ## Construct the exploit request
+    sndReq = http_get(item:string(dir, '/view.php?id=3333"'), port:port);
+    rcvRes = http_send_recv(port:port, data:sndReq);
+
+    ## Check the source code of the function in response
+    if("You have an error in your SQL syntax;">< rcvRes)
+    {
+      security_hole(port);
+      exit(0);
+    }
+  }
+}
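Review bot: The description block declares no `script_dependencies(...)`, although the body relies on knowledge-base data that other plugins appear to populate (`Services/www` through `get_http_port`, `can_host_php`, `cgi_dirs()`). Without a declared dependency the scheduler may run this check before that data exists, and the plugin then exits silently, which is a false negative. Consider adding a line such as `script_dependencies("find_service.nes", "http_version.nasl");`, after confirming the plugin names used in this tree. The second request is sent with `http_send_recv` while the first uses `http_keepalive_send_recv`; using one helper for both keeps connection handling consistent. The comment `## Check the source code of the function in response` does not describe the test, and `## Look for a MySQL syntax error in the response` would.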

Added: trunk/openvas-plugins/scripts/gb_joomla_com_astra_sql_inj_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_joomla_com_astra_sql_inj_vuln.nasl	2011-08-04 17:02:12 UTC (rev 11397)
+++ trunk/openvas-plugins/scripts/gb_joomla_com_astra_sql_inj_vuln.nasl	2011-08-05 07:04:20 UTC (rev 11398)
@@ -0,0 +1,91 @@
+##############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_joomla_com_astra_sql_inj_vuln.nasl 16490 2011-08-03 12:33:29 aug $
+#
+# Joomla Component 'com_astra' SQL Injection Vulnerability
+#
+# Authors:
+# Madhuri D <dmadhuri at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(802130);
+  script_version("$Revision: 1.0$");
+  script_tag(name:"cvss_base", value:"7.5");
+  script_tag(name:"risk_factor", value:"High");
+  script_name("Joomla Component 'com_astra' SQL Injection Vulnerability");
+  desc = "
+  Overview: This host is running Joomla Astra component and is prone to SQL
+  injection vulnerability.
+
+  Vulnerability Insight:
+  The flaw is caused due to input passed via the 'F' parameter to 'index.php'
+  when 'option' is set to 'com_astra' is not properly sanitised before being
+  used in the SQL query.
+
+  Impact:
+  Successful exploitation will let attackers to to cause SQL Injection attack
+  and gain sensitive information.
+
+  Impact Level: Application
+
+  Affected Software/OS:
+  Joomla Astra component.
+
+  Fix: No solution or patch is available as on 3rd Aug 2011. Information
+  regarding this issue will be updated once the solution details are available.
+  For updates refer, http://extensions.joomla.org/
+
+  References:
+  http://packetstormsecurity.org/files/view/103666/joomlaastra-sql.txt ";
+
+  script_description(desc);
+  script_summary("Check if Joomla Astra component is vulnerable for SQL Injection attack");
+  script_category(ACT_ATTACK);
+  script_copyright("Copyright (C) 2011 Greenbone Networks GmbH");
+  script_family("Web application abuses");
+  script_dependencies("joomla_detect.nasl");
+  script_require_ports("Services/www", 80);
+  exit(0);
+}
+
+
+include("http_func.inc");
+include("version_func.inc");
+include("http_keepalive.inc");
+
+## Get HTTP port
+joomlaPort = get_http_port(default:80);
+if(!joomlaPort){
+  exit(0);
+}
+
+## Get the installed dir
+if(!joomlaDir = get_dir_from_kb(port:joomlaPort, app:"joomla")){
+  exit(0);
+}
+
+## Construct the request
+url = string(joomlaDir ,"/index.php?option=com_astra&S=3&F='");
+
+if(http_vuln_check(port:joomlaPort, url:url, pattern:"You have an error in" +
+                   " your SQL syntax;", check_header: TRUE)){
+  security_hole(joomlaPort);
+}
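Review bot: The port returned by `get_http_port(default:80)` is used without a `get_port_state()` check, while the Ileys plugin added in the same commit exits early when the port is closed. Adding `if(!get_port_state(joomlaPort)){ exit(0); }` after the lookup would keep the plugins consistent; the same applies to gb_joomla_com_xeslidegalf_sql_inj_vuln.nasl. `include("version_func.inc");` is not needed by any call visible in this file and could be dropped. The finding is inferred from a generic MySQL error string rather than from anything specific to the component, so a comment above the `http_vuln_check` call saying so would help whoever triages a report.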

Added: trunk/openvas-plugins/scripts/gb_joomla_com_xeslidegalf_sql_inj_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_joomla_com_xeslidegalf_sql_inj_vuln.nasl	2011-08-04 17:02:12 UTC (rev 11397)
+++ trunk/openvas-plugins/scripts/gb_joomla_com_xeslidegalf_sql_inj_vuln.nasl	2011-08-05 07:04:20 UTC (rev 11398)
@@ -0,0 +1,94 @@
+##############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_joomla_com_xeslidegalf_sql_inj_vuln.nasl 16555 2011-08-04 14:13:29 aug $
+#
+# Joomla Xeslidegalf Component SQL Injection Vulnerability
+#
+# Authors:
+# Madhuri D <dmadhuri at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(802131);
+  script_version("$Revision: 1.0$");
+  script_tag(name:"cvss_base", value:"7.5");
+  script_tag(name:"risk_factor", value:"High");
+  script_name("Joomla Xeslidegalf Component SQL Injection Vulnerability");
+  desc = "
+  Overview: This host is running Joomla Xeslidegalf component and is prone to
+  SQL injection vulnerability.
+
+  Vulnerability Insight:
+  The flaw is caused due to an input passed via the 'id' parameter to
+  'index.php' (when 'option' is set to 'com_xeslidegalfx' and 'func' set
+  to 'detail') is not properly sanitised before being used in a SQL query.
+
+  Impact:
+  Successful exploitation will let attackers to manipulate SQL queries by
+  injecting arbitrary SQL code.
+
+  Impact Level: Application
+
+  Affected Software/OS:
+  Joomla Xeslidegalf component.
+
+  Fix: No solution or patch is available as on 4th August 2011. Information
+  regarding this issue will be updated once the solution details are available.
+  For updates refer, http://extensions.joomla.org/extensions/
+
+  References:
+  http://packetstormsecurity.org/files/view/103681/joomlaxeslidegalf-sql.txt ";
+
+  script_description(desc);
+  script_summary("Check if Joomla Xeslidegalf component is vulnerable to SQL Injection attack");
+  script_category(ACT_ATTACK);
+  script_copyright("Copyright (C) 2011 Greenbone Networks GmbH");
+  script_family("Web application abuses");
+  script_dependencies("joomla_detect.nasl");
+  script_require_ports("Services/www", 80);
+  exit(0);
+}
+
+
+include("http_func.inc");
+include("version_func.inc");
+include("http_keepalive.inc");
+
+## Get the port
+joomlaPort = get_http_port(default:80);
+if(!joomlaPort){
+  exit(0);
+}
+
+## Get the application directory
+if(!joomlaDir = get_dir_from_kb(port:joomlaPort, app:"joomla")){
+  exit(0);
+}
+
+## Construct the request
+url = string(joomlaDir ,"/index.php?option=com_xeslidegalfx&Itemid=&func=" +
+                        "detail&id='");
+
+## Try attack and check the response to confirm vulnerability
+if(http_vuln_check(port:joomlaPort, url:url, pattern:'mysql_fetch_row():' +
+                   ' supplied argument is not a valid MySQL result resource',
+                   check_header: TRUE)){
+  security_hole(joomlaPort);
+}
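Review bot: The `pattern` argument contains unescaped parentheses in `mysql_fetch_row():`. If `http_vuln_check` treats the pattern as a regular expression (its implementation is not part of this hunk), `()` is an empty group, so the pattern matches `mysql_fetch_row:` and never the literal `mysql_fetch_row():` warning; a vulnerable host would then go unreported. Escaping the parentheses in a double-quoted string, `pattern:"mysql_fetch_row\(\): supplied argument is not a valid MySQL result resource"`, avoids that. NASL single-quoted strings process backslash escapes, which is why the double-quoted form is suggested.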


