[Openvas-commits] r11398 - in trunk/openvas-plugins: . scripts
scm-commit@wald.intevation.org
scm-commit at wald.intevation.org
Fri Aug 5 09:04:24 CEST 2011
Author: veerendragg
Date: 2011-08-05 09:04:20 +0200 (Fri, 05 Aug 2011)
New Revision: 11398
Added:
trunk/openvas-plugins/scripts/gb_azeotech_daqfactory_dos_vuln.nasl
trunk/openvas-plugins/scripts/gb_digital_scribe_mult_xss_vuln.nasl
trunk/openvas-plugins/scripts/gb_ecava_integraxor_mult_xss_vuln_win.nasl
trunk/openvas-plugins/scripts/gb_google_picasa_jpeg_img_code_exec_vuln_win.nasl
trunk/openvas-plugins/scripts/gb_ibm_lotus_symphony_detect_lin.nasl
trunk/openvas-plugins/scripts/gb_ibm_lotus_symphony_detect_win.nasl
trunk/openvas-plugins/scripts/gb_ibm_lotus_symphony_mult_vuln_lin.nasl
trunk/openvas-plugins/scripts/gb_ibm_lotus_symphony_mult_vuln_win.nasl
trunk/openvas-plugins/scripts/gb_ileys_web_control_sql_injection_vuln.nasl
trunk/openvas-plugins/scripts/gb_joomla_com_astra_sql_inj_vuln.nasl
trunk/openvas-plugins/scripts/gb_joomla_com_xeslidegalf_sql_inj_vuln.nasl
Modified:
trunk/openvas-plugins/ChangeLog
trunk/openvas-plugins/scripts/gb_google_picasa_detect_win.nasl
Log:
Added new plugins. Updated to detect new version with build.
Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog 2011-08-04 17:02:12 UTC (rev 11397)
+++ trunk/openvas-plugins/ChangeLog 2011-08-05 07:04:20 UTC (rev 11398)
@@ -1,3 +1,21 @@
+2011-08-05 Veerendra G.G <veerendragg at secpod.com>
+
+ * scripts/gb_ecava_integraxor_mult_xss_vuln_win.nasl,
+ scripts/gb_ibm_lotus_symphony_detect_lin.nasl,
+ scripts/gb_joomla_com_xeslidegalf_sql_inj_vuln.nasl,
+ scripts/gb_ibm_lotus_symphony_mult_vuln_win.nasl,
+ scripts/gb_google_picasa_jpeg_img_code_exec_vuln_win.nasl,
+ scripts/gb_ibm_lotus_symphony_detect_win.nasl,
+ scripts/gb_ileys_web_control_sql_injection_vuln.nasl,
+ scripts/gb_joomla_com_astra_sql_inj_vuln.nasl,
+ scripts/gb_azeotech_daqfactory_dos_vuln.nasl,
+ scripts/gb_digital_scribe_mult_xss_vuln.nasl,
+ scripts/gb_ibm_lotus_symphony_mult_vuln_lin.nasl:
+ Added new plugins.
+
+ * scripts/gb_google_picasa_detect_win.nasl:
+ Updated to detect new version with build.
+
2011-08-04 Veerendra G.G <veerendragg at secpod.com>
* scripts/secpod_chyrp_mult_dir_trav_vuln.nasl,
Added: trunk/openvas-plugins/scripts/gb_azeotech_daqfactory_dos_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_azeotech_daqfactory_dos_vuln.nasl 2011-08-04 17:02:12 UTC (rev 11397)
+++ trunk/openvas-plugins/scripts/gb_azeotech_daqfactory_dos_vuln.nasl 2011-08-05 07:04:20 UTC (rev 11398)
@@ -0,0 +1,96 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_azeotech_daqfactory_dos_vuln.nasl 16421 2011-08-03 10:50:24Z aug $
+#
+# AzeoTech DAQFactory Denial of Service Vulnerability
+#
+# Authors:
+# Madhuri D <dmadhuri at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(802129);
+ script_version("$Revision: 1.0$");
+ script_cve_id("CVE-2011-2956");
+ script_tag(name:"cvss_base", value:"7.8");
+ script_tag(name:"risk_factor", value:"High");
+ script_name("AzeoTech DAQFactory Denial of Service Vulnerability");
+ desc = "
+ Overview: This host is installed with AzeoTech DAQFactory and is prone to
+ denial of service vulnerability.
+
+ Vulnerability Insight:
+ The flaw exists due to error in application, which fails to perform
+ authentication for certain signals.
+
+ Impact:
+ Successful exploitation will allow remote attackers to cause a denial of
+ service (system reboot or shutdown).
+
+ Impact Level: Application.
+
+ Affected Software :
+ AzeoTech DAQFactory version prior to 5.85 Build 1842
+
+ Fix: Upgrade to the AzeoTech DAQFactory version 5.85 Build 1842 or later
+ For updates refer, http://www.azeotech.com/downloads.php
+
+ References:
+ http://osvdb.org/show/osvdb/73390
+ http://www.us-cert.gov/control_systems/pdf/ICSA-11-122-01.pdf ";
+
+ script_description(desc);
+ script_summary("Check for the version of AzeoTech DAQFactory");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+ script_family("Denial of Service");
+ script_dependencies("secpod_reg_enum.nasl");
+ script_require_keys("SMB/WindowsVersion");
+ exit(0);
+}
+
+
+include("smb_nt.inc");
+include("version_func.inc");
+include("secpod_smb_func.inc");
+
+if(!get_kb_item("SMB/WindowsVersion")){
+ exit(0);
+}
+
+if(!registry_key_exists(key:"SOFTWARE\DAQFactoryExpress")){
+ exit(0);
+}
+
+## Get the installation path from registry
+azPath = registry_get_sz(key:"SOFTWARE\DAQFactoryExpress",
+ item:"Installation Path");
+if(azPath != NULL)
+{
+ azVer = fetch_file_version(sysPath:azPath,
+ file_name:"DAQFactoryExpress.exe");
+ if(azVer =! NULL)
+ {
+ ## Check for version less than 5.85 Build 1842 => 5.85.1842.0
+ if(version_is_less(version:azVer, test_version:"5.85.1842.0")){
+ security_hole(0);
+ }
+ }
+}
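Review bot: The inner guard `if(azVer =! NULL)` is an assignment rather than a comparison: it appears to parse as `azVer = !NULL`, so the value returned by fetch_file_version() is overwritten before version_is_less() sees it. The version test then no longer reflects the installed file, and a host that has the registry key would likely be reported whatever its patch level, including when the file version could not be read. The line should read `if(azVer != NULL)`, or `if(!isnull(azVer))` as the Picasa detection in this same commit does. Separately, the key checked is `SOFTWARE\DAQFactoryExpress` while the description names DAQFactory, so a comment stating which editions the check covers would help.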
Property changes on: trunk/openvas-plugins/scripts/gb_azeotech_daqfactory_dos_vuln.nasl
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/scripts/gb_digital_scribe_mult_xss_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_digital_scribe_mult_xss_vuln.nasl 2011-08-04 17:02:12 UTC (rev 11397)
+++ trunk/openvas-plugins/scripts/gb_digital_scribe_mult_xss_vuln.nasl 2011-08-05 07:04:20 UTC (rev 11398)
@@ -0,0 +1,113 @@
+##############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_digital_scribe_mult_xss_vuln.nasl 16405 2011-08-01 13:53:29 aug $
+#
+# Digital Scribe Multiple Cross Site Scripting Vulnerabilities
+#
+# Authors:
+# Madhuri D <dmadhuri at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+################################i###############################################
+
+if(description)
+{
+ script_id(802128);
+ script_version("$Revision: 1.0$");
+ script_bugtraq_id(48945);
+ script_tag(name:"cvss_base", value:"6.8");
+ script_tag(name:"risk_factor", value:"High");
+ script_name("Digital Scribe Multiple Cross Site Scripting Vulnerabilities");
+ desc = "
+ Overview: This host is running Digital Scribe and is prone to multiple cross
+ site scripting vulnerabilities.
+
+ Vulnerability Insight:
+ The flaws are caused due to inputs passed through POST parameters 'title',
+ 'last' and 'email' in 'register.php' are not sanitized before being returned
+ to the user.
+
+ Impact:
+ Successful exploitation will let the attacker to execute HTML code into
+ user's browser session in the context of an affected site.
+
+ Impact Level: Application.
+
+ Affected Software/OS:
+ Digital Scribe version 1.5
+
+ Fix: No solution or patch is available as on 1st Aug 2011. Information
+ regarding this issue will be updated once the solution details are available.
+ For updates refer, http://www.digital-scribe.org/
+
+ References:
+ http://secunia.com/advisories/37715/
+ http://www.exploit-db.com/exploits/17590/
+ http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5030.php ";
+
+ script_description(desc);
+ script_summary("Check if Digital Scribe is prone to XSS");
+ script_category(ACT_ATTACK);
+ script_copyright("Copyright (C) 2011 Greenbone Networks GmbH");
+ script_family("Web application abuses");
+ script_require_ports("Services/www", 80);
+ exit(0);
+}
+
+
+include("http_func.inc");
+include("http_keepalive.inc");
+
+## Get HTTP Port
+dsPort = get_http_port(default:80);
+if(!dsPort){
+ exit(0);
+}
+
+## Check Host Supports PHP
+if(!can_host_php(port:dsPort)) {
+ exit(0);
+}
+
+foreach path (make_list("/DigitalScribe", "/digitalscribe", cgi_dirs()))
+{
+ ## Send and receive response
+ sndReq = http_get(item:string(path, "/index.php"), port:dsPort);
+ rcvRes = http_send_recv(port:dsPort, data:sndReq);
+
+ ## Confirm the application
+ if("<TITLE>Digital Scribe</TITLE>" >< rcvRes)
+ {
+ ## Try an exploit
+ exp = 'title="><script>alert("XSS")</script>&last="><script>alert("XSS")' +
+ '</script>&passuno=&passuno2=&email=&action=4&Submit=Register';
+
+ req = string("POST ", path, "/register.php HTTP/1.1\r\n",
+ "Host: ",get_host_ip(),"\r\n",
+ "Content-Type: application/x-www-form-urlencoded\r\n",
+ "Content-Length: ", strlen(exp), "\r\n\r\n",
+ exp);
+ res = http_keepalive_send_recv(port:dsPort, data:req);
+
+ ## Check the response to confirm vulnerability
+ if('><script>alert("XSS")</script>' >< res)
+ {
+ security_hole(dsPort);
+ exit(0);
+ }
+ }
+}
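Review bot: The final match on `'><script>alert("XSS")</script>'` is applied to the whole response without looking at the status line, so an error or redirect body that echoes the POST data is reported as well; `if(res =~ "HTTP/1\.[01] 200" && '><script>alert("XSS")</script>' >< res)` narrows that. The `Host:` header is filled from get_host_ip(), which means an installation served from a name-based virtual host is never reached, and `get_host_name()` is the usual value there. The description lists 'email' among the affected parameters while the request sends it empty, so a comment noting that only 'title' and 'last' are exercised would keep the two in step.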
Added: trunk/openvas-plugins/scripts/gb_ecava_integraxor_mult_xss_vuln_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_ecava_integraxor_mult_xss_vuln_win.nasl 2011-08-04 17:02:12 UTC (rev 11397)
+++ trunk/openvas-plugins/scripts/gb_ecava_integraxor_mult_xss_vuln_win.nasl 2011-08-05 07:04:20 UTC (rev 11398)
@@ -0,0 +1,103 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_ecava_integraxor_mult_xss_vuln_win.nasl 16423 2011-08-03 13:15:50Z aug $
+#
+# Ecava IntegraXor Multiple Cross-Site Scripting Vulnerabilities (Windows)
+#
+# Authors:
+# Rachana Shetty <srachana at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(802314);
+ script_version("$Revision: 1.0$");
+ script_cve_id("CVE-2011-2958");
+ script_bugtraq_id(48958);
+ script_tag(name:"cvss_base", value:"4.3");
+ script_tag(name:"risk_factor", value:"Medium");
+ script_name("Ecava IntegraXor Multiple Cross-Site Scripting Vulnerabilities (Windows)");
+ desc = "
+ Overview: This host is installed with Ecava IntegraXor and is prone to cross
+ site scripting vulnerabilities.
+
+ Vulnerability Insight:
+ The flaws are caused by improper validation of user-supplied input passed via
+ unspecified vectors, which allows attackers to execute arbitrary HTML and
+ script code on the web server.
+
+ Impact:
+ Successful exploitation will let the attacker to execute arbitrary HTML and
+ script code in a user's browser session in the context of a vulnerable site.
+ This may allow an attacker to steal cookie-based authentications and launch
+ further attacks.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ Ecava IntegraXor versions prior to 3.60 (Build 4080).
+
+ Fix: Upgrade to the Ecava IntegraXor version 3.60 (Build 4080) or later,
+ For updates refer, http://www.ecava.com/index.htm
+
+ References:
+ http://xforce.iss.net/xforce/xfdb/68896
+ http://www.us-cert.gov/control_systems/pdf/ICSA-11-147-02.pdf";
+
+ script_description(desc);
+ script_summary("Check for the version of Ecava IntegraXor");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2011 Greenbone Networks GmbH");
+ script_family("Web Servers");
+ script_dependencies("secpod_reg_enum.nasl");
+ script_require_keys("SMB/WindowsVersion");
+ exit(0);
+}
+
+
+include("smb_nt.inc");
+include("version_func.inc");
+include("secpod_smb_func.inc");
+
+if(!get_kb_item("SMB/WindowsVersion")){
+ exit(0);
+}
+
+key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\";
+
+foreach item (registry_enum_keys(key:key))
+{
+ ecavaigName = registry_get_sz(key:key + item, item:"DisplayName");
+
+ ## Check the name of the application
+ if("IntegraXor" >< ecavaigName)
+ {
+ ## Check for the version
+ ecavaigVer = registry_get_sz(key:key + item, item:"DisplayVersion");
+ if(ecavaigVer != NULL)
+ {
+ ## Check for Ecava IntegraXor Version less than 3.60 (Build 4080)
+ if(version_is_less(version:ecavaigVer, test_version:"3.60.4080"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+ }
+ }
+}
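Review bot: The comparison against `"3.60.4080"` assumes the registry `DisplayVersion` carries the build number, which nothing in this section confirms. The Picasa detection in this same commit was changed to read the file version precisely because the build was needed, so the same gap may exist here: if `DisplayVersion` holds only `3.60`, a patched host would probably compare as lower and be reported. Either read the version from the installed executable with fetch_file_version() as the DAQFactory check does, or add a comment recording a sample `DisplayVersion` value that shows the build is present. The description's phrase "execute arbitrary HTML and script code on the web server" also contradicts the Impact paragraph, which correctly places execution in the user's browser.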
Modified: trunk/openvas-plugins/scripts/gb_google_picasa_detect_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_google_picasa_detect_win.nasl 2011-08-04 17:02:12 UTC (rev 11397)
+++ trunk/openvas-plugins/scripts/gb_google_picasa_detect_win.nasl 2011-08-05 07:04:20 UTC (rev 11398)
@@ -7,6 +7,9 @@
# Authors:
# Madhuri D <dmadhuri at secpod.com>
#
+# Updated By: Rachana Shetty <srachana at secpod.com> on 2011-08-02
+# - Updated to detect build version from .exe file.
+#
# Copyright:
# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
#
@@ -46,6 +49,7 @@
include("smb_nt.inc");
+include("version_func.inc");
include("secpod_smb_func.inc");
if(!get_kb_item("SMB/WindowsVersion")){
@@ -65,14 +69,22 @@
## Check the name of the application
if("Picasa" >< picName)
{
- ## Check for the version
- picVer = registry_get_sz(key:key + item, item:"DisplayVersion");
- if(picVer != NULL)
+ ## Check for the install path
+ picPath = registry_get_sz(key:key + item, item:"UninstallString");
+ if(!isnull(picPath))
{
- ## Set the KB item
- set_kb_item(name:"Google/Picasa/Win/Ver", value:picVer);
- security_note(data:"Google Picasa version " + picVer +
+ picPath = ereg_replace(pattern:'"', replace:"", string:picPath);
+ picPath = picPath - "\Uninstall.exe";
+
+ ## Check for moviethumb (original picasa.exe) file version
+ picVer = fetch_file_version(sysPath:picPath, file_name:"moviethumb.exe");
+ if(!isnull(picVer))
+ {
+ ## Set the KB item
+ set_kb_item(name:"Google/Picasa/Win/Ver", value:picVer);
+ security_note(data:"Google Picasa version " + picVer +
" was detected on the host");
+ }
}
}
}
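Review bot: When fetch_file_version() returns nothing the script now records no version at all, because the `DisplayVersion` lookup was removed rather than kept as a fallback; every plugin gated on `Google/Picasa/Win/Ver` then skips the host silently. The path derivation also assumes `UninstallString` ends in exactly `\Uninstall.exe`; with different casing or trailing arguments the subtraction leaves the string unchanged and the file lookup fails. A fallback such as `if(isnull(picVer)) picVer = registry_get_sz(key:key + item, item:"DisplayVersion");` ahead of the KB write would keep detection working in that case. The comment "moviethumb (original picasa.exe)" should say why that file is used instead of the main executable. The enclosing foreach loop starts outside this hunk.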
Added: trunk/openvas-plugins/scripts/gb_google_picasa_jpeg_img_code_exec_vuln_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_google_picasa_jpeg_img_code_exec_vuln_win.nasl 2011-08-04 17:02:12 UTC (rev 11397)
+++ trunk/openvas-plugins/scripts/gb_google_picasa_jpeg_img_code_exec_vuln_win.nasl 2011-08-05 07:04:20 UTC (rev 11398)
@@ -0,0 +1,84 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_google_picasa_jpeg_img_code_exec_vuln_win.nasl 16420 2011-08-02 16:50:50Z aug $
+#
+# Google Picasa JPEG Image Processing Remote Code Execution Vulnerability (Windows)
+#
+# Authors:
+# Rachana Shetty <srachana at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(802313);
+ script_version("$Revision: 1.0$");
+ script_cve_id("CVE-2011-2747");
+ script_bugtraq_id(48725);
+ script_tag(name:"cvss_base", value:"9.3");
+ script_tag(name:"risk_factor", value:"Critical");
+ script_name("Google Picasa JPEG Image Processing Remote Code Execution Vulnerability (Windows)");
+ desc = "
+ Overview: This host is installed with google picasa and is prone to remote
+ code execution vulnerability.
+
+ Vulnerability Insight:
+ The flaw is caused due to an unspecified error, when handling certain
+ properties of an image file and can be exploited via a specially crafted
+ JPEG image.
+
+ Impact:
+ Successful exploitation could allow remote attackers to execute arbitrary
+ code or cause a denial of service condition.
+
+ Impact Level: System/Application
+
+ Affected Software/OS:
+ Google Picasa versions prior to 3.6 build 105.67
+
+ Fix: Upgrade to the Google Picasa 3.6 build 105.67 or later,
+ For updates refer, http://picasa.google.com/thanks.html
+
+ References:
+ http://secunia.com/advisories/45293
+ http://www.microsoft.com/technet/security/advisory/msvr11-008.mspx
+ http://picasa.google.com/support/bin/static.py?hl=en&page=release_notes.cs&from=53209&rd=1 ";
+
+ script_description(desc);
+ script_summary("Check for the version of Google Picasa");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2011 Greenbone Networks GmbH");
+ script_family("General");
+ script_dependencies("gb_google_picasa_detect_win.nasl");
+ script_require_keys("Google/Picasa/Win/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+## Get the version from KB
+picVer = get_kb_item("Google/Picasa/Win/Ver");
+if(!picVer){
+ exit(0);
+}
+
+## Check for Google Chrome Version less than 3.6 build 105.67
+if(version_is_less(version:picVer, test_version:"3.6.105.67")){
+ security_hole(0);
+}
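Review bot: The comment above the comparison names the wrong product; it should read `## Check for Google Picasa version less than 3.6 build 105.67`. The threshold `"3.6.105.67"` also depends on the KB value being a four-part dotted file version, which is only true now that the detection script reads it from moviethumb.exe. A one-line comment stating that expected format would make the dependency visible to whoever next touches either script.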
Added: trunk/openvas-plugins/scripts/gb_ibm_lotus_symphony_detect_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_ibm_lotus_symphony_detect_lin.nasl 2011-08-04 17:02:12 UTC (rev 11397)
+++ trunk/openvas-plugins/scripts/gb_ibm_lotus_symphony_detect_lin.nasl 2011-08-05 07:04:20 UTC (rev 11398)
@@ -0,0 +1,102 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_ibm_lotus_symphony_detect_lin.nasl 16377 2011-08-03 12:12:12Z aug $
+#
+# IBM Lotus Symphony Version Detection (Linux)
+#
+# Authors:
+# Sooraj KS <kssooraj at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(802230);
+ script_version("$Revision: 1.0$");
+ script_tag(name:"risk_factor", value:"None");
+ script_name("IBM Lotus Symphony Version Detection (Linux)");
+ desc = "
+ Overview: This script finds the installed IBM Lotus Symphony version and
+ saves the result in KB.";
+
+ script_description(desc);
+ script_summary("Set the version of IBM Lotus Symphony in KB");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+ script_family("Service detection");
+ exit(0);
+}
+
+
+include("ssh_func.inc");
+include("version_func.inc");
+
+## Connecting...
+sock = ssh_login_or_reuse_connection();
+if(!sock){
+ exit(0);
+}
+
+## Confirm Linux, as SSH can be installed on Windows as well
+result = ssh_cmd(socket:sock, cmd:"uname");
+if("Linux" >!< result){
+ exit(0);
+}
+
+## Read "about.mappings" File
+cmd = "find / -name about.mappings -type f";
+paths = split(ssh_cmd(socket:sock, cmd: cmd, timeout:60));
+if(paths != NULL)
+{
+ foreach path (paths)
+ {
+ ## Confirm Symphony Path
+ if("com.ibm.symphony" >< path) {
+ file = ssh_cmd(socket:sock, cmd: "cat " + path);
+ }
+ }
+}
+
+ssh_close_connection();
+
+## Confirm Symphony File
+if(isnull(file) || "Symphony" >!< file){
+ exit(0);
+}
+
+## Get Version
+foreach line(split(file))
+{
+ version = eregmatch(pattern:"1=([0-9.]+).?([a-zA-Z0-9]+)?", string:line);
+ if(version[1] != NULL)
+ {
+ symVer = version[1];
+ if(version[2] != NULL) {
+ symVer = version[1] + "." + version[2];
+ }
+ break;
+ }
+}
+
+if(symVer)
+{
+ ## Set Symphony Version in KB
+ set_kb_item(name:"IBM/Lotus/Symphony/Lin/Ver", value:symVer);
+ security_note(data:"IBM Lotus Symphony version " + symVer +
+ " was detected on the host");
+}
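Review bot: Each line returned by `find` is concatenated into `"cat " + path` and run over the authenticated SSH session, so a file name on the target containing spaces or shell metacharacters is interpreted by the remote shell under the scan account. split() also appears to leave the trailing newline on each element. Strip and validate the path before use, for example `path = chomp(path);` then `if("com.ibm.symphony" >< path && path =~ "^[A-Za-z0-9_./-]+$")`, and pass it quoted as `cmd:"cat '" + path + "'"`. The `find /` sweep of the whole filesystem under a 60-second timeout deserves a comment on why a narrower starting directory is not used.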
Added: trunk/openvas-plugins/scripts/gb_ibm_lotus_symphony_detect_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_ibm_lotus_symphony_detect_win.nasl 2011-08-04 17:02:12 UTC (rev 11397)
+++ trunk/openvas-plugins/scripts/gb_ibm_lotus_symphony_detect_win.nasl 2011-08-05 07:04:20 UTC (rev 11398)
@@ -0,0 +1,79 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_ibm_lotus_symphony_detect_win.nasl 16377 2011-08-03 10:10:10Z aug $
+#
+# IBM Lotus Symphony Version Detection (Windows)
+#
+# Authors:
+# Sooraj KS <kssooraj at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(802226);
+ script_version("$Revision: 1.0$");
+ script_tag(name:"risk_factor", value:"None");
+ script_name("IBM Lotus Symphony Version Detection (Windows)");
+ desc = "
+ Overview: This script finds the installed IBM Lotus Symphony version and
+ saves the result in KB. ";
+
+ script_description(desc);
+ script_summary("Set the Version of IBM Lotus Symphony in KB");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2011 Greenbone Networks GmbH");
+ script_family("Service detection");
+ script_dependencies("secpod_reg_enum.nasl");
+ script_require_keys("SMB/WindowsVersion");
+ script_require_ports(139, 445);
+ exit(0);
+}
+
+
+include("smb_nt.inc");
+include("secpod_smb_func.inc");
+
+## Confirm Windows
+if(!get_kb_item("SMB/WindowsVersion")){
+ exit(0);
+}
+
+## Confirm IBM Lotus Symphony
+if(!registry_key_exists(key:"SOFTWARE\Lotus\Symphony")){
+ exit(0);
+}
+
+key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\";
+
+## Get Version From Registry
+foreach item (registry_enum_keys(key:key))
+{
+ name = registry_get_sz(key:key + item, item:"DisplayName");
+ if("IBM Lotus Symphony" >< name)
+ {
+ version = registry_get_sz(key:key + item, item:"DisplayVersion");
+ if(version)
+ {
+ ## Set IBM Lotus Symphony Version in KB
+ set_kb_item(name:"IBM/Lotus/Symphony/Win/Ver", value:version);
+ security_note(data:"IBM Lotus Symphony " + version +
+ " was detected on the host");
+ }
+ }
+}
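Review bot: The loop keeps running after a match, so if more than one Uninstall entry has a `DisplayName` containing "IBM Lotus Symphony", set_kb_item() is called once per entry and `IBM/Lotus/Symphony/Win/Ver` ends up with several values. The IntegraXor check added in this commit stops at the first hit; adding `exit(0);` after the security_note() call here would give the dependent vulnerability check a single version to compare. If multiple entries are expected and intended, a comment saying so would do instead.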
Added: trunk/openvas-plugins/scripts/gb_ibm_lotus_symphony_mult_vuln_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_ibm_lotus_symphony_mult_vuln_lin.nasl 2011-08-04 17:02:12 UTC (rev 11397)
+++ trunk/openvas-plugins/scripts/gb_ibm_lotus_symphony_mult_vuln_lin.nasl 2011-08-05 07:04:20 UTC (rev 11398)
@@ -0,0 +1,91 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_ibm_lotus_symphony_mult_vuln_lin.nasl 16377 2011-08-03 14:14:14Z aug $
+#
+# IBM Lotus Symphony Multiple Vulnerabilities (Linux)
+#
+# Authors:
+# Sooraj KS <kssooraj at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(802229);
+ script_version("$Revision: 1.0$");
+ script_cve_id("CVE-2011-2884", "CVE-2011-2885", "CVE-2011-2886",
+ "CVE-2011-2887", "CVE-2011-2888", "CVE-2011-2893");
+ script_bugtraq_id(48936);
+ script_tag(name:"cvss_base", value:"10.0");
+ script_tag(name:"risk_factor", value:"Critical");
+ script_name("IBM Lotus Symphony Multiple Vulnerabilities (Linux)");
+ desc = "
+ Overview: This host is installed with IBM Lotus Symphony and is prone to
+ multiple unspecified vulnerabilities.
+
+ Vulnerability Insight:
+ Multiple flaws are caused due to unspecified errors related to,
+ - critical security vulnerability issues.
+ - sample .doc document that incorporates a user-defined toolbar.
+ - a .docx document with empty bullet styles for parent bullets.
+ - a certain sample document.
+ - complex graphics in a presentation.
+ - a large .xls spreadsheet with an invalid Value reference.
+
+ Impact:
+ Successful exploitation will let the attacker to cause a denial of service.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ IBM Lotus Symphony Version 3 before FP3.
+
+ Fix: Upgrade to IBM Lotus Symphony version 3 FP3 or later,
+ For updates refer, http://www.ibm.com/software/lotus/symphony/home.nsf/home
+
+ References:
+ http://osvdb.org/73988
+ http://secunia.com/advisories/45271
+ https://www-304.ibm.com/support/docview.wss?uid=swg21505448
+ http://www-03.ibm.com/software/lotus/symphony/idcontents/releasenotes/en/readme_fixpack3_standalone_long.htm
+ https://www-304.ibm.com/jct03001c/software/lotus/symphony/idcontents/releasenotes/en/readme_embedded_in_fixpack3_long.htm
+ http://www-03.ibm.com/software/lotus/symphony/buzz.nsf/web_DisPlayPlugin?open&unid=9717F6F587AAA939852578D300404BCF&category=announcements
+ ";
+
+ script_description(desc);
+ script_summary("Check for the version of IBM Lotus Symphony");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2011 Greenbone Networks GmbH");
+ script_family("General");
+ script_dependencies("gb_ibm_lotus_symphony_detect_lin.nasl");
+ script_require_keys("IBM/Lotus/Symphony/Lin/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+## Get version from KB
+version = get_kb_item("IBM/Lotus/Symphony/Lin/Ver");
+if(version =~ "^3\..*")
+{
+ ## Check for IBM Lotus Symphony Version 3 before FP3
+ if(version_is_less(version:version, test_version:"3.0.0.FP3")){
+ security_hole(0);
+ }
+}
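Review bot: The threshold `"3.0.0.FP3"` contains a non-numeric component, and the result depends on how version_is_less() orders such parts; that function lives in version_func.inc, outside this diff. The detection script builds the KB value as digits plus an optional suffix, so a base install stored as plain `3.0.0` and a fix pack stored as `3.0.0.FP2` both have to sort below `3.0.0.FP3` for this check to be right. Add a comment listing the KB values the check was tested against, e.g. `## KB format: <digits>[.<suffix>], e.g. 3.0.0.FP2 (see gb_ibm_lotus_symphony_detect_lin.nasl)`. The Windows sibling compares a numeric build instead, so the two scripts are not interchangeable examples of each other.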
Added: trunk/openvas-plugins/scripts/gb_ibm_lotus_symphony_mult_vuln_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_ibm_lotus_symphony_mult_vuln_win.nasl 2011-08-04 17:02:12 UTC (rev 11397)
+++ trunk/openvas-plugins/scripts/gb_ibm_lotus_symphony_mult_vuln_win.nasl 2011-08-05 07:04:20 UTC (rev 11398)
@@ -0,0 +1,94 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_ibm_lotus_symphony_mult_vuln_win.nasl 16377 2011-08-03 11:11:11Z aug $
+#
+# IBM Lotus Symphony Multiple Vulnerabilities (Windows)
+#
+# Authors:
+# Sooraj KS <kssooraj at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(802227);
+ script_version("$Revision: 1.0$");
+ script_cve_id("CVE-2011-2884", "CVE-2011-2885", "CVE-2011-2886",
+ "CVE-2011-2888", "CVE-2011-2893");
+ script_bugtraq_id(48936);
+ script_tag(name:"cvss_base", value:"10.0");
+ script_tag(name:"risk_factor", value:"Critical");
+ script_name("IBM Lotus Symphony Multiple Vulnerabilities (Windows)");
+ desc = "
+ Overview: This host is installed with IBM Lotus Symphony and is prone to
+ multiple unspecified vulnerabilities.
+
+ Vulnerability Insight:
+ Multiple flaws are caused due to unspecified errors related to,
+ - critical security vulnerability issues.
+ - sample .doc document that incorporates a user-defined toolbar.
+ - a .docx document with empty bullet styles for parent bullets.
+ - complex graphics in a presentation.
+ - a large .xls spreadsheet with an invalid Value reference.
+
+ Impact:
+ Successful exploitation will let the attacker to cause a denial of service.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ IBM Lotus Symphony Version 3 before FP3.
+
+ Fix: Upgrade to IBM Lotus Symphony version 3 FP3 or later,
+ For updates refer, http://www.ibm.com/software/lotus/symphony/home.nsf/home
+
+ *****
+ NOTE: Ignore this warning, if above mentioned patch is already applied.
+ *****
+
+ References:
+ http://osvdb.org/73988
+ http://secunia.com/advisories/45271
+ https://www-304.ibm.com/support/docview.wss?uid=swg21505448
+ http://www-03.ibm.com/software/lotus/symphony/idcontents/releasenotes/en/readme_fixpack3_standalone_long.htm
+ https://www-304.ibm.com/jct03001c/software/lotus/symphony/idcontents/releasenotes/en/readme_embedded_in_fixpack3_long.htm
+ http://www-03.ibm.com/software/lotus/symphony/buzz.nsf/web_DisPlayPlugin?open&unid=9717F6F587AAA939852578D300404BCF&category=announcements
+ ";
+
+ script_description(desc);
+ script_summary("Check for the version of IBM Lotus Symphony");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2011 Greenbone Networks GmbH");
+ script_family("General");
+ script_dependencies("gb_ibm_lotus_symphony_detect_win.nasl");
+ script_require_keys("IBM/Lotus/Symphony/Win/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+## Get version from KB
+version = get_kb_item("IBM/Lotus/Symphony/Win/Ver");
+if(version =~ "^3\..*")
+{
+ ## Check for IBM Lotus Symphony Version 3 FP2 and prior.
+ if(version_is_less_equal(version:version, test_version:"3.0.10289")){
+ security_hole(0);
+ }
+}
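Review bot: The build number in `test_version:"3.0.10289"` is undocumented; the comment says it stands for "FP2 and prior" but gives no source for the mapping between fix pack and build. The NOTE in the description, asking users to ignore the warning if the patch is applied, suggests the registry version may not change when FP3 is installed, in which case patched hosts are still reported. State both facts next to the comparison, for example `## 3.0.10289 = DisplayVersion of 3.0 FP2 (source: <reference>); registry value may not change after FP3`.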
Added: trunk/openvas-plugins/scripts/gb_ileys_web_control_sql_injection_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_ileys_web_control_sql_injection_vuln.nasl 2011-08-04 17:02:12 UTC (rev 11397)
+++ trunk/openvas-plugins/scripts/gb_ileys_web_control_sql_injection_vuln.nasl 2011-08-05 07:04:20 UTC (rev 11398)
@@ -0,0 +1,105 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_ileys_web_control_sql_injection_vuln.nasl 16336 2011-08-04 11:15:15Z aug $
+#
+# Ileys Web Control SQL Injection Vulnerability
+#
+# Authors:
+# Rachana Shetty <srachana at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(802315);
+ script_version("$Revision: 1.0$");
+ script_tag(name:"cvss_base", value:"7.5");
+ script_tag(name:"risk_factor", value:"High");
+ script_name("Ileys Web Control SQL Injection Vulnerability");
+ desc = "
+ Overview: This host is running Ileys Web Control and is prone to sql
+ injection vulnerability.
+
+ Vulnerability Insight:
+ The flaw is caused by improper validation of user-supplied input passed via
+ the 'id' parameter in 'view.php', which allows attacker to manipulate SQL
+ queries by injecting arbitrary SQL code.
+
+ Impact:
+ Successful exploitation will let the attacker to cause SQL injection attack
+ and gain sensitive information.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ Ileys Web Control version 2.0
+
+ Fix: No solution or patch is available as on 04th August, 2011. Information
+ regarding this issue will be updated once the solution details are available.
+ For updates refer, http://ileystechnology.com/index.php
+
+ References:
+ http://cryptr.org/printthread.php?tid=2278
+ http://packetstormsecurity.org/files/view/103372/ileys-sql.txt";
+
+ script_description(desc);
+ script_summary("Check if Ileys Web Control is prone to SQL injection vulnerability");
+ script_category(ACT_ATTACK);
+ script_copyright("Copyright (C) 2011 Greenbone Networks GmbH");
+ script_family("Web application abuses");
+ script_require_ports("Services/www", 80);
+ exit(0);
+}
+
+
+include("http_func.inc");
+include("version_func.inc");
+include("http_keepalive.inc");
+
+## Get HTTP Port
+port = get_http_port(default:80);
+if(!get_port_state(port)) {
+ exit(0);
+}
+
+## Check Host Supports PHP
+if(!can_host_php(port:port)) {
+ exit(0);
+}
+
+foreach dir(make_list("", "/ileys", "/admin", cgi_dirs()))
+{
+ ## Send and Receive the response
+ sndReq = http_get (item: string(dir, "/index.php"), port:port);
+ rcvRes = http_keepalive_send_recv(port:port,data:sndReq);
+
+ ## Confirm the application
+ if("Powered by:" >< rcvRes && "Ileys Web Control" >< rcvRes)
+ {
+ ## Construct the exploit request
+ sndReq = http_get(item:string(dir, '/view.php?id=3333"'), port:port);
+ rcvRes = http_send_recv(port:port, data:sndReq);
+
+ ## Check the source code of the function in response
+ if("You have an error in your SQL syntax;">< rcvRes)
+ {
+ security_hole(port);
+ exit(0);
+ }
+ }
+}
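Review bot: The description block declares `script_require_ports("Services/www", 80)` but no `script_dependencies(...)`, unlike the two Joomla plugins in this commit. When this test is selected on its own, the service-detection plugin that fills `Services/www` is presumably not pulled in, and `get_http_port(default:80)` falls back to port 80. A web server on another port would then be skipped and look clean by omission. I would add `script_dependencies("find_service.nasl");` before `script_require_ports`. Separately, the fingerprint request goes through `http_keepalive_send_recv` while the probe uses `http_send_recv`; using the keep-alive helper for both would keep connection handling consistent.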
Added: trunk/openvas-plugins/scripts/gb_joomla_com_astra_sql_inj_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_joomla_com_astra_sql_inj_vuln.nasl 2011-08-04 17:02:12 UTC (rev 11397)
+++ trunk/openvas-plugins/scripts/gb_joomla_com_astra_sql_inj_vuln.nasl 2011-08-05 07:04:20 UTC (rev 11398)
@@ -0,0 +1,91 @@
+##############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_joomla_com_astra_sql_inj_vuln.nasl 16490 2011-08-03 12:33:29 aug $
+#
+# Joomla Component 'com_astra' SQL Injection Vulnerability
+#
+# Authors:
+# Madhuri D <dmadhuri at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(802130);
+ script_version("$Revision: 1.0$");
+ script_tag(name:"cvss_base", value:"7.5");
+ script_tag(name:"risk_factor", value:"High");
+ script_name("Joomla Component 'com_astra' SQL Injection Vulnerability");
+ desc = "
+ Overview: This host is running Joomla Astra component and is prone to SQL
+ injection vulnerability.
+
+ Vulnerability Insight:
+ The flaw is caused due to input passed via the 'F' parameter to 'index.php'
+ when 'option' is set to 'com_astra' is not properly sanitised before being
+ used in the SQL query.
+
+ Impact:
+ Successful exploitation will let attackers to to cause SQL Injection attack
+ and gain sensitive information.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ Joomla Astra component.
+
+ Fix: No solution or patch is available as on 3rd Aug 2011. Information
+ regarding this issue will be updated once the solution details are available.
+ For updates refer, http://extensions.joomla.org/
+
+ References:
+ http://packetstormsecurity.org/files/view/103666/joomlaastra-sql.txt ";
+
+ script_description(desc);
+ script_summary("Check if Joomla Astra component is vulnerable for SQL Injection attack");
+ script_category(ACT_ATTACK);
+ script_copyright("Copyright (C) 2011 Greenbone Networks GmbH");
+ script_family("Web application abuses");
+ script_dependencies("joomla_detect.nasl");
+ script_require_ports("Services/www", 80);
+ exit(0);
+}
+
+
+include("http_func.inc");
+include("version_func.inc");
+include("http_keepalive.inc");
+
+## Get HTTP port
+joomlaPort = get_http_port(default:80);
+if(!joomlaPort){
+ exit(0);
+}
+
+## Get the installed dir
+if(!joomlaDir = get_dir_from_kb(port:joomlaPort, app:"joomla")){
+ exit(0);
+}
+
+## Construct the request
+url = string(joomlaDir ,"/index.php?option=com_astra&S=3&F='");
+
+if(http_vuln_check(port:joomlaPort, url:url, pattern:"You have an error in" +
+ " your SQL syntax;", check_header: TRUE)){
+ security_hole(joomlaPort);
+}
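Review bot: The port guard `if(!joomlaPort)` only tests that `get_http_port` returned a value; as far as the visible code shows, nothing tests that the port is open, which the Ileys plugin in this commit does with `get_port_state(port)`. The same guard appears in gb_joomla_com_xeslidegalf_sql_inj_vuln.nasl. I would write `if(!get_port_state(joomlaPort)){ exit(0); }` in both, so a closed or filtered port ends the test before the request is built. `version_func.inc` is included in all three new web plugins, but no function from it appears to be called, so the include can be dropped.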
Added: trunk/openvas-plugins/scripts/gb_joomla_com_xeslidegalf_sql_inj_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_joomla_com_xeslidegalf_sql_inj_vuln.nasl 2011-08-04 17:02:12 UTC (rev 11397)
+++ trunk/openvas-plugins/scripts/gb_joomla_com_xeslidegalf_sql_inj_vuln.nasl 2011-08-05 07:04:20 UTC (rev 11398)
@@ -0,0 +1,94 @@
+##############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_joomla_com_xeslidegalf_sql_inj_vuln.nasl 16555 2011-08-04 14:13:29 aug $
+#
+# Joomla Xeslidegalf Component SQL Injection Vulnerability
+#
+# Authors:
+# Madhuri D <dmadhuri at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(802131);
+ script_version("$Revision: 1.0$");
+ script_tag(name:"cvss_base", value:"7.5");
+ script_tag(name:"risk_factor", value:"High");
+ script_name("Joomla Xeslidegalf Component SQL Injection Vulnerability");
+ desc = "
+ Overview: This host is running Joomla Xeslidegalf component and is prone to
+ SQL injection vulnerability.
+
+ Vulnerability Insight:
+ The flaw is caused due to an input passed via the 'id' parameter to
+ 'index.php' (when 'option' is set to 'com_xeslidegalfx' and 'func' set
+ to 'detail') is not properly sanitised before being used in a SQL query.
+
+ Impact:
+ Successful exploitation will let attackers to manipulate SQL queries by
+ injecting arbitrary SQL code.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ Joomla Xeslidegalf component.
+
+ Fix: No solution or patch is available as on 4th August 2011. Information
+ regarding this issue will be updated once the solution details are available.
+ For updates refer, http://extensions.joomla.org/extensions/
+
+ References:
+ http://packetstormsecurity.org/files/view/103681/joomlaxeslidegalf-sql.txt ";
+
+ script_description(desc);
+ script_summary("Check if Joomla Xeslidegalf component is vulnerable to SQL Injection attack");
+ script_category(ACT_ATTACK);
+ script_copyright("Copyright (C) 2011 Greenbone Networks GmbH");
+ script_family("Web application abuses");
+ script_dependencies("joomla_detect.nasl");
+ script_require_ports("Services/www", 80);
+ exit(0);
+}
+
+
+include("http_func.inc");
+include("version_func.inc");
+include("http_keepalive.inc");
+
+## Get the port
+joomlaPort = get_http_port(default:80);
+if(!joomlaPort){
+ exit(0);
+}
+
+## Get the application directory
+if(!joomlaDir = get_dir_from_kb(port:joomlaPort, app:"joomla")){
+ exit(0);
+}
+
+## Construct the request
+url = string(joomlaDir ,"/index.php?option=com_xeslidegalfx&Itemid=&func=" +
+ "detail&id='");
+
+## Try attack and check the response to confirm vulnerability
+if(http_vuln_check(port:joomlaPort, url:url, pattern:'mysql_fetch_row():' +
+ ' supplied argument is not a valid MySQL result resource',
+ check_header: TRUE)){
+ security_hole(joomlaPort);
+}
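Review bot: The match pattern is a PHP warning (`mysql_fetch_row(): supplied argument is not a valid MySQL result resource`), which normally reaches the response only when the target has PHP error display enabled. A host with errors suppressed would pass this check while still running the affected component. That limitation deserves a comment above the `http_vuln_check` call, for example `## NOTE: depends on PHP warnings being displayed; no match does not prove the component is fixed`. The script name says 'Xeslidegalf' while the request and the Vulnerability Insight text use 'com_xeslidegalfx'; a short comment confirming the trailing 'x' is intended would help the next maintainer.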