[Openvas-commits] r11564 - in trunk/openvas-plugins: . scripts
scm-commit@wald.intevation.org
scm-commit at wald.intevation.org
Tue Sep 6 09:31:16 CEST 2011
Author: hdoreau
Date: 2011-09-06 09:31:11 +0200 (Tue, 06 Sep 2011)
New Revision: 11564
Modified:
trunk/openvas-plugins/ChangeLog
trunk/openvas-plugins/scripts/burning_board_database_sql_injection.nasl
trunk/openvas-plugins/scripts/cpe.inc
Log:
* scripts/burning_board_database_sql_injection.nasl: Fixed the script
to use the correct KB key. Use get_kb_item() to test multiple
instances in parallel if necessary.
* scripts/cpe.inc: Removed incorrect key for Woltlab Burning Board,
which is not set anywhere.
Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog 2011-09-06 06:28:44 UTC (rev 11563)
+++ trunk/openvas-plugins/ChangeLog 2011-09-06 07:31:11 UTC (rev 11564)
@@ -1,3 +1,12 @@
+2011-09-06 Henri Doreau <henri.doreau at greenbone.net>
+
+ * scripts/burning_board_database_sql_injection.nasl: Fixed the script
+ to use the correct KB key. Use get_kb_item() to test multiple
+ instances in parallel if necessary.
+
+ * scripts/cpe.inc: Removed incorrect key for Woltab Burning Board,
+ which is not set anywhere.
+
2011-09-05 Thomas Reinke <reinke at securityspace.com>
* scripts/secpod_adobe_prdts_mult_vuln_apr10_lin.nasl,
Modified: trunk/openvas-plugins/scripts/burning_board_database_sql_injection.nasl
===================================================================
--- trunk/openvas-plugins/scripts/burning_board_database_sql_injection.nasl 2011-09-06 06:28:44 UTC (rev 11563)
+++ trunk/openvas-plugins/scripts/burning_board_database_sql_injection.nasl 2011-09-06 07:31:11 UTC (rev 11564)
@@ -26,19 +26,19 @@
if(description)
{
-script_id(80050);;
-script_bugtraq_id(15214, 16914);
-script_cve_id("CVE-2005-3369", "CVE-2006-1094");
-script_xref(name:"OSVDB", value:"20330");
-script_xref(name:"OSVDB", value:"23596");
+ script_id(80050);;
+ script_bugtraq_id(15214, 16914);
+ script_cve_id("CVE-2005-3369", "CVE-2006-1094");
+ script_xref(name:"OSVDB", value:"20330");
+ script_xref(name:"OSVDB", value:"23596");
-script_version("$Revision: 1.7 $");
-script_tag(name:"cvss_base", value:"7.5");
-script_tag(name:"risk_factor", value:"High");
-script_name("Woltlab Burning Board SQL injection flaw");
+ script_version("$Revision: 1.7 $");
+ script_tag(name:"cvss_base", value:"7.5");
+ script_tag(name:"risk_factor", value:"High");
+ script_name("Woltlab Burning Board SQL injection flaw");
-desc = "
+ desc = "
Synopsis :
The remote web server contains a PHP script that is susceptible to SQL
@@ -64,49 +64,44 @@
High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)";
-script_description(desc);
+ script_description(desc);
+
+ script_summary("Checks SQL injection flaw in Woltlab Burning Board Database module");
+ script_category(ACT_ATTACK);
+ script_copyright("This script is Copyright (C) 2006 David Maciejak");
+ script_family("Web application abuses");
-script_summary("Checks SQL injection flaw in Woltlab Burning Board Database module");
-script_category(ACT_ATTACK);
-script_copyright("This script is Copyright (C) 2006 David Maciejak");
-script_family("Web application abuses");
+ script_dependencies("http_version.nasl");
+ script_exclude_keys("Settings/disable_cgi_scanning");
+ script_require_ports("Services/www", 80);
- script_dependencies("http_version.nasl");
- script_exclude_keys("Settings/disable_cgi_scanning");
- script_require_ports("Services/www", 80);
-
- exit(0);
+ exit(0);
}
include("http_func.inc");
include("http_keepalive.inc");
port = get_http_port(default:80);
-if ( ! port ) exit(0);
-if(!get_port_state(port))exit(0);
+if (!port) exit(0);
+
+if (!get_port_state(port)) exit(0);
if (!can_host_php(port:port)) exit(0);
-# Test any installs.
-installs = get_kb_list(string("www/", port, "/burning_board*"));
+# Test any installs: this can fork()
+install = get_kb_item(string("www/", port, "/BurningBoard"));
-if ( isnull(installs) ) exit(0);
-
-installs = make_list(installs);
-
-foreach install (installs) {
+if (!isnull(install)) {
matches = eregmatch(string:install, pattern:"^(.+) under (/.*)$");
if (!isnull(matches)) {
- loc = matches[2];
- buf = http_get(item:string(loc,"/info_db.php?action=file&fileid=1/**/UNION/**/SELECT/**/"), port:port);
- r = http_keepalive_send_recv(port:port, data:buf, bodyonly:1);
- if( r == NULL )exit(0);
- if(("Database error in WoltLab Burning Board" >< r) && ("Invalid SQL: SELECT * FROM" >< r))
- {
- security_hole(port);
- set_kb_item(name: 'www/'+port+'/SQLInjection', value: TRUE);
- exit(0);
- }
+ loc = matches[2];
+ buf = http_get(item:string(loc,"/info_db.php?action=file&fileid=1/**/UNION/**/SELECT/**/"), port:port);
+ r = http_keepalive_send_recv(port:port, data:buf, bodyonly:1);
+ if(r == NULL)exit(0);
+ if(("Database error in WoltLab Burning Board" >< r) && ("Invalid SQL: SELECT * FROM" >< r)) {
+ security_hole(port);
+ set_kb_item(name: 'www/'+port+'/SQLInjection', value: TRUE);
+ }
}
}
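Review bot: The new lookup `get_kb_item(string("www/", port, "/BurningBoard"))` only finds something if a detection script has already written that key, yet the description block still declares just `script_dependencies("http_version.nasl");`. Nothing in this hunk guarantees the detection script runs first; if it has not, `install` is NULL and the check exits without reporting, which is a silent false negative on a vulnerable host. I would add the script that sets the key to the dependency list, e.g. `script_dependencies("http_version.nasl", "<burning-board-detection>.nasl");` (placeholder name, since the script that sets the key is not part of this commit). The comment `# Test any installs: this can fork()` could also say why, for example `# get_kb_item() forks once per stored value, so each install is tested in its own process`, which also explains why the `exit(0)` after `security_hole()` was dropped.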
Modified: trunk/openvas-plugins/scripts/cpe.inc
===================================================================
--- trunk/openvas-plugins/scripts/cpe.inc 2011-09-06 06:28:44 UTC (rev 11563)
+++ trunk/openvas-plugins/scripts/cpe.inc 2011-09-06 07:31:11 UTC (rev 11564)
@@ -190,7 +190,6 @@
"www/*/TorrentTraderClassic", "^([0-9.]+)", "cpe:/a:torrenttrader:torrenttrader_classic:",
"www/*/torrenttrader", "^([0-9.]+)", "cpe:/a:torrenttrader:torrenttrader_classic:",
"www/*/webfileexplorer", "^([0-9.]+)", "cpe:/a:webfileexplorer:web_file_explorer:",
-"www/*/burning_board*", "^([0-9.]+([a-z0-9]+)?)", "cpe:/a:woltlab:burning_board:",
"znc/*/version", "^([0-9.]+)", "cpe:/a:znc:znc:",
"www/*/chora", "^([0-9.]+)", "cpe:/a:horde:chora:",
"www/*/horde", "^([0-9.]+)", "cpe:/a:horde:horde_groupware:",