[Openvas-commits] r13733 - in trunk/openvas-plugins: . scripts
scm-commit at wald.intevation.org
scm-commit at wald.intevation.org
Fri Jul 13 18:14:27 CEST 2012
Author: mime
Date: 2012-07-13 18:14:22 +0200 (Fri, 13 Jul 2012)
New Revision: 13733
Added:
trunk/openvas-plugins/scripts/gb_VMSA-2012-0012.nasl
trunk/openvas-plugins/scripts/gb_wordpress_54413.nasl
Modified:
trunk/openvas-plugins/ChangeLog
trunk/openvas-plugins/scripts/WordPress_35755.nasl
trunk/openvas-plugins/scripts/gb_VMSA-2012-0011.nasl
trunk/openvas-plugins/scripts/gb_is_human_plugin_cmd_exec_vuln.nasl
trunk/openvas-plugins/scripts/gb_wordpress_38876.nasl
trunk/openvas-plugins/scripts/gb_wordpress_45294.nasl
trunk/openvas-plugins/scripts/gb_wordpress_49259.nasl
trunk/openvas-plugins/scripts/gb_wordpress_49271.nasl
trunk/openvas-plugins/scripts/gb_wordpress_49665.nasl
trunk/openvas-plugins/scripts/gb_wordpress_49669.nasl
trunk/openvas-plugins/scripts/gb_wordpress_49685.nasl
trunk/openvas-plugins/scripts/gb_wordpress_49688.nasl
trunk/openvas-plugins/scripts/gb_wordpress_49689.nasl
trunk/openvas-plugins/scripts/gb_wordpress_49691.nasl
trunk/openvas-plugins/scripts/gb_wordpress_49713.nasl
trunk/openvas-plugins/scripts/gb_wordpress_50080.nasl
trunk/openvas-plugins/scripts/gb_wordpress_50105.nasl
trunk/openvas-plugins/scripts/gb_wordpress_50861.nasl
trunk/openvas-plugins/scripts/gb_wordpress_50921.nasl
trunk/openvas-plugins/scripts/gb_wordpress_51402.nasl
trunk/openvas-plugins/scripts/gb_wordpress_52986.nasl
trunk/openvas-plugins/scripts/gb_wordpress_asset_manager_file_upload_vuln.nasl
trunk/openvas-plugins/scripts/gb_wordpress_cartpress_plugin_xss_vuln.nasl
trunk/openvas-plugins/scripts/gb_wordpress_comment_rating_plugin_mult_vuln.nasl
trunk/openvas-plugins/scripts/gb_wordpress_comment_rating_plugin_sql_vuln.nasl
trunk/openvas-plugins/scripts/gb_wordpress_foxypress_file_upload_vuln.nasl
trunk/openvas-plugins/scripts/gb_wordpress_gd_star_rating_plugin_sql_inj_vuln.nasl
trunk/openvas-plugins/scripts/gb_wordpress_grand_fia_gallery_plugin_dir_trav_vuln.nasl
trunk/openvas-plugins/scripts/gb_wordpress_html5_av_mgr_file_upload_vuln.nasl
trunk/openvas-plugins/scripts/gb_wordpress_iframe_admin_pages_plugin_xss_vuln.nasl
trunk/openvas-plugins/scripts/gb_wordpress_inline_gallery_plugin_xss_vuln.nasl
trunk/openvas-plugins/scripts/gb_wordpress_ip_logger_plugin_sql_inj_vuln.nasl
trunk/openvas-plugins/scripts/gb_wordpress_iwantonebutton_plugin_xss_vuln.nasl
trunk/openvas-plugins/scripts/gb_wordpress_media_library_categories_plugin_sql_inj_vuln.nasl
trunk/openvas-plugins/scripts/gb_wordpress_mult_themes_xss_vuln.nasl
trunk/openvas-plugins/scripts/gb_wordpress_mult_vuln_jul09.nasl
trunk/openvas-plugins/scripts/gb_wordpress_mult_vuln_may09.nasl
trunk/openvas-plugins/scripts/gb_wordpress_myeasybackup_plugin_dir_trav_vuln.nasl
trunk/openvas-plugins/scripts/gb_wordpress_nmedia_member_conv_file_upload_vuln.nasl
trunk/openvas-plugins/scripts/gb_wordpress_nmedia_users_file_upload_vuln.nasl
trunk/openvas-plugins/scripts/gb_wordpress_omni_sec_files_file_upload_vuln.nasl
trunk/openvas-plugins/scripts/gb_wordpress_ops_old_post_spinner_plugin_ops_file_dir_trav.nasl
trunk/openvas-plugins/scripts/gb_wordpress_photosmash_xss_vuln.nasl
trunk/openvas-plugins/scripts/gb_wordpress_php_speedy_plugin_code_exec_vuln.nasl
trunk/openvas-plugins/scripts/gb_wordpress_php_speedy_plugin_title_param_xss.nasl
trunk/openvas-plugins/scripts/gb_wordpress_pretty_link_plugin_mult_vuln.nasl
trunk/openvas-plugins/scripts/gb_wordpress_processing_embed_plugin_xss.nasl
trunk/openvas-plugins/scripts/gb_wordpress_register_plus_mult_vuln.nasl
trunk/openvas-plugins/scripts/gb_wordpress_register_plus_redux_mult_xss_vuln.nasl
trunk/openvas-plugins/scripts/gb_wordpress_rss_feed_reader_plugin_xss_vuln.nasl
trunk/openvas-plugins/scripts/gb_wordpress_safe_search_xss_vuln.nasl
trunk/openvas-plugins/scripts/gb_wordpress_setup_config_mult_vuln.nasl
trunk/openvas-plugins/scripts/gb_wordpress_sharebar_plugin_mult_vuln.nasl
trunk/openvas-plugins/scripts/gb_wordpress_socialmedia_buttons_plugin_xss_vuln.nasl
trunk/openvas-plugins/scripts/gb_wordpress_store_locator_plus_mult_vuln.nasl
trunk/openvas-plugins/scripts/gb_wordpress_theme_tuner_plugin_rfi_vuln.nasl
trunk/openvas-plugins/scripts/gb_wordpress_toolspack_backdoor_2012.nasl
trunk/openvas-plugins/scripts/gb_wordpress_upm_polls_plugin_sql_inj_vuln.nasl
trunk/openvas-plugins/scripts/gb_wordpress_user_id_and_user_name_disclosure.nasl
trunk/openvas-plugins/scripts/gb_wordpress_whois_plugin_xss_vuln.nasl
trunk/openvas-plugins/scripts/gb_wordpress_wp_custom_pages_plugin_dir_trav.nasl
trunk/openvas-plugins/scripts/gb_wordpress_wp_forum_server_plugin_sql_vuln.nasl
trunk/openvas-plugins/scripts/gb_wordpress_wp_property_file_upload_vuln.nasl
trunk/openvas-plugins/scripts/gb_wordpress_wp_symposium_plugin_uid_param_xss_vuln.nasl
trunk/openvas-plugins/scripts/gb_wordpress_wpecommerce_plugin_xss_vuln.nasl
trunk/openvas-plugins/scripts/gb_wordpress_wptouch_plugin_wptouch_settings_xss.nasl
trunk/openvas-plugins/scripts/gb_wordpress_zingiri_tickets_file_disc_vuln.nasl
trunk/openvas-plugins/scripts/gb_wordpressmu_mult_vuln_jul09.nasl
trunk/openvas-plugins/scripts/gb_wordpressmu_xss_vuln_apr09.nasl
trunk/openvas-plugins/scripts/gb_wp_proplayer_49046.nasl
trunk/openvas-plugins/scripts/secpod_wordpress_backwpup_plugin_code_exec_vuln.nasl
trunk/openvas-plugins/scripts/secpod_wordpress_category_dropdown_plugin_xss_n_sql_inj_vuln.nasl
trunk/openvas-plugins/scripts/secpod_wordpress_detect_900182.nasl
trunk/openvas-plugins/scripts/secpod_wordpress_feedlist_xss_vuln.nasl
trunk/openvas-plugins/scripts/secpod_wordpress_mingle_forum_plugin_xss_vuln.nasl
trunk/openvas-plugins/scripts/secpod_wordpress_mu_sec_bypass_vuln.nasl
trunk/openvas-plugins/scripts/secpod_wordpress_mult_plugins_sql_inj_vuln.nasl
trunk/openvas-plugins/scripts/secpod_wordpress_mult_vuln_aug09.nasl
trunk/openvas-plugins/scripts/secpod_wordpress_mult_vuln_nov09.nasl
trunk/openvas-plugins/scripts/secpod_wordpress_photoracer_plugin_id_sql_inj_vuln.nasl
trunk/openvas-plugins/scripts/secpod_wordpress_php_code_exec_vuln_900183.nasl
trunk/openvas-plugins/scripts/secpod_wordpress_php_files_info_disc_vuln.nasl
trunk/openvas-plugins/scripts/secpod_wordpress_register_plus_redux_mult_vuln.nasl
trunk/openvas-plugins/scripts/secpod_wordpress_sec_bypass_vuln.nasl
trunk/openvas-plugins/scripts/secpod_wordpress_universal_post_mgr_plug_mult_xss.nasl
trunk/openvas-plugins/scripts/secpod_wordpress_wp_css_lfi_vuln.nasl
trunk/openvas-plugins/scripts/secpod_wordpress_wp_stats_dashboard_mult_xss_vuln.nasl
trunk/openvas-plugins/scripts/secpod_wordpress_wptouch_url_redirection_vuln.nasl
trunk/openvas-plugins/scripts/secpod_wordpress_wptrackback_dos_vuln.nasl
trunk/openvas-plugins/scripts/secpod_wordpress_zingiri_web_shop_mult_xss_vuln.nasl
trunk/openvas-plugins/scripts/secpod_wordpress_zingiri_web_shop_rfi_vuln.nasl
trunk/openvas-plugins/scripts/wordpress_37005.nasl
trunk/openvas-plugins/scripts/wordpress_38368.nasl
Log:
Added new plugins. Updated to new detection. Use host details functions.
Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog 2012-07-13 14:52:32 UTC (rev 13732)
+++ trunk/openvas-plugins/ChangeLog 2012-07-13 16:14:22 UTC (rev 13733)
@@ -1,5 +1,107 @@
2012-07-12 Michael Meyer <michael.meyer at greenbone.net>
+ * scripts/gb_wordpress_54413.nasl,
+ scripts/gb_VMSA-2012-0012.nasl:
+ Added new plugins.
+
+ * scripts/secpod_wordpress_detect_900182.nasl:
+ Updated to new detection.
+
+ * scripts/secpod_wordpress_mult_vuln_aug09.nasl,
+ scripts/gb_wordpress_wp_forum_server_plugin_sql_vuln.nasl,
+ scripts/secpod_wordpress_photoracer_plugin_id_sql_inj_vuln.nasl,
+ scripts/gb_wordpress_mult_themes_xss_vuln.nasl,
+ scripts/secpod_wordpress_feedlist_xss_vuln.nasl,
+ scripts/gb_wordpress_omni_sec_files_file_upload_vuln.nasl,
+ scripts/gb_wordpress_49688.nasl,
+ scripts/gb_wordpress_wptouch_plugin_wptouch_settings_xss.nasl,
+ scripts/secpod_wordpress_wp_css_lfi_vuln.nasl,
+ scripts/gb_wordpress_mult_vuln_jul09.nasl,
+ scripts/secpod_wordpress_wptouch_url_redirection_vuln.nasl,
+ scripts/gb_wordpress_45294.nasl,
+ scripts/gb_wordpress_zingiri_tickets_file_disc_vuln.nasl,
+ scripts/gb_wordpress_51402.nasl,
+ scripts/gb_wordpress_rss_feed_reader_plugin_xss_vuln.nasl,
+ scripts/gb_wordpress_49685.nasl,
+ scripts/secpod_wordpress_category_dropdown_plugin_xss_n_sql_inj_vuln.nasl,
+ scripts/gb_wordpress_safe_search_xss_vuln.nasl,
+ scripts/gb_wordpress_nmedia_member_conv_file_upload_vuln.nasl,
+ scripts/gb_wordpress_49665.nasl,
+ scripts/gb_wordpress_ops_old_post_spinner_plugin_ops_file_dir_trav.nasl,
+ scripts/gb_wordpress_wpecommerce_plugin_xss_vuln.nasl,
+ scripts/gb_wordpress_50921.nasl,
+ scripts/gb_wordpress_50105.nasl,
+ scripts/secpod_wordpress_php_code_exec_vuln_900183.nasl,
+ scripts/gb_wordpress_iframe_admin_pages_plugin_xss_vuln.nasl,
+ scripts/gb_wp_proplayer_49046.nasl,
+ scripts/gb_wordpress_comment_rating_plugin_sql_vuln.nasl,
+ scripts/gb_wordpress_cartpress_plugin_xss_vuln.nasl,
+ scripts/secpod_wordpress_php_files_info_disc_vuln.nasl,
+ scripts/gb_wordpress_38876.nasl,
+ scripts/gb_wordpressmu_xss_vuln_apr09.nasl,
+ scripts/gb_VMSA-2012-0011.nasl,
+ scripts/gb_wordpress_photosmash_xss_vuln.nasl,
+ scripts/gb_wordpress_grand_fia_gallery_plugin_dir_trav_vuln.nasl,
+ scripts/wordpress_38368.nasl,
+ scripts/gb_wordpress_49259.nasl,
+ scripts/gb_wordpress_49691.nasl,
+ scripts/secpod_wordpress_zingiri_web_shop_rfi_vuln.nasl,
+ scripts/secpod_wordpress_mult_vuln_nov09.nasl,
+ scripts/gb_wordpress_wp_symposium_plugin_uid_param_xss_vuln.nasl,
+ scripts/secpod_wordpress_wptrackback_dos_vuln.nasl,
+ scripts/gb_wordpress_52986.nasl,
+ scripts/gb_is_human_plugin_cmd_exec_vuln.nasl,
+ scripts/gb_wordpress_49689.nasl,
+ scripts/gb_wordpress_nmedia_users_file_upload_vuln.nasl,
+ scripts/gb_wordpress_inline_gallery_plugin_xss_vuln.nasl,
+ scripts/gb_wordpress_setup_config_mult_vuln.nasl,
+ scripts/gb_wordpress_html5_av_mgr_file_upload_vuln.nasl,
+ scripts/gb_wordpress_myeasybackup_plugin_dir_trav_vuln.nasl,
+ scripts/gb_wordpress_50861.nasl,
+ scripts/gb_wordpress_iwantonebutton_plugin_xss_vuln.nasl,
+ scripts/gb_wordpress_media_library_categories_plugin_sql_inj_vuln.nasl,
+ scripts/gb_wordpress_pretty_link_plugin_mult_vuln.nasl,
+ scripts/gb_wordpress_49669.nasl,
+ scripts/secpod_wordpress_sec_bypass_vuln.nasl,
+ scripts/gb_wordpress_mult_vuln_may09.nasl,
+ scripts/gb_wordpress_gd_star_rating_plugin_sql_inj_vuln.nasl,
+ scripts/gb_wordpress_toolspack_backdoor_2012.nasl,
+ scripts/gb_wordpress_whois_plugin_xss_vuln.nasl,
+ scripts/secpod_wordpress_backwpup_plugin_code_exec_vuln.nasl,
+ scripts/gb_wordpress_socialmedia_buttons_plugin_xss_vuln.nasl,
+ scripts/gb_wordpress_user_id_and_user_name_disclosure.nasl,
+ scripts/gb_wordpressmu_mult_vuln_jul09.nasl,
+ scripts/gb_wordpress_register_plus_redux_mult_xss_vuln.nasl,
+ scripts/wordpress_37005.nasl,
+ scripts/secpod_wordpress_mingle_forum_plugin_xss_vuln.nasl,
+ scripts/secpod_wordpress_zingiri_web_shop_mult_xss_vuln.nasl,
+ scripts/gb_wordpress_ip_logger_plugin_sql_inj_vuln.nasl,
+ scripts/gb_wordpress_asset_manager_file_upload_vuln.nasl,
+ scripts/gb_wordpress_processing_embed_plugin_xss.nasl,
+ scripts/secpod_wordpress_mu_sec_bypass_vuln.nasl,
+ scripts/gb_wordpress_49271.nasl,
+ scripts/gb_wordpress_sharebar_plugin_mult_vuln.nasl,
+ scripts/secpod_wordpress_universal_post_mgr_plug_mult_xss.nasl,
+ scripts/gb_wordpress_50080.nasl,
+ scripts/gb_wordpress_store_locator_plus_mult_vuln.nasl,
+ scripts/gb_wordpress_foxypress_file_upload_vuln.nasl,
+ scripts/gb_wordpress_comment_rating_plugin_mult_vuln.nasl,
+ scripts/gb_wordpress_wp_custom_pages_plugin_dir_trav.nasl,
+ scripts/gb_wordpress_php_speedy_plugin_title_param_xss.nasl,
+ scripts/gb_wordpress_php_speedy_plugin_code_exec_vuln.nasl,
+ scripts/WordPress_35755.nasl,
+ scripts/gb_wordpress_49713.nasl,
+ scripts/gb_wordpress_register_plus_mult_vuln.nasl,
+ scripts/gb_wordpress_theme_tuner_plugin_rfi_vuln.nasl,
+ scripts/secpod_wordpress_register_plus_redux_mult_vuln.nasl,
+ scripts/gb_wordpress_wp_property_file_upload_vuln.nasl,
+ scripts/gb_wordpress_upm_polls_plugin_sql_inj_vuln.nasl,
+ scripts/secpod_wordpress_mult_plugins_sql_inj_vuln.nasl,
+ scripts/secpod_wordpress_wp_stats_dashboard_mult_xss_vuln.nasl:
+ Use host details functions.
+
+2012-07-12 Michael Meyer <michael.meyer at greenbone.net>
+
* scripts/gb_cobbler_detect.nasl.
scripts/gb_cobbler_53666.nasl:
Added new plugins.
Modified: trunk/openvas-plugins/scripts/WordPress_35755.nasl
===================================================================
--- trunk/openvas-plugins/scripts/WordPress_35755.nasl 2012-07-13 14:52:32 UTC (rev 13732)
+++ trunk/openvas-plugins/scripts/WordPress_35755.nasl 2012-07-13 16:14:22 UTC (rev 13733)
@@ -24,9 +24,12 @@
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
+SCRIPT_OID = "1.3.6.1.4.1.25623.1.0.100239";
+CPE = "cpe:/a:wordpress:wordpress";
+
if (description)
{
- script_id(100239);
+ script_oid(SCRIPT_OID);
script_version("$Revision$");
script_tag(name:"last_modification", value:"$Date$");
script_tag(name:"creation_date", value:"2009-07-22 19:53:45 +0200 (Wed, 22 Jul 2009)");
@@ -76,17 +79,14 @@
include("http_func.inc");
include("http_keepalive.inc");
include("version_func.inc");
+include("host_details.inc");
-port = get_http_port(default:80);
+
+if(!port = get_app_port(cpe:CPE, nvt:SCRIPT_OID))exit(0);
if(!get_port_state(port))exit(0);
-if (!can_host_php(port:port)) exit(0);
+if(!vers = get_app_version(cpe:CPE, nvt:SCRIPT_OID, port:port))exit(0);
-if(!version = get_kb_item(string("www/", port, "/WordPress")))exit(0);
-if(!matches = eregmatch(string:version, pattern:"^(.+) under (/.*)$"))exit(0);
-
-vers = matches[1];
-
if(!isnull(vers) && vers >!< "unknown") {
if(version_is_less(version: vers, test_version: "2.8.2")) {
Modified: trunk/openvas-plugins/scripts/gb_VMSA-2012-0011.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_VMSA-2012-0011.nasl 2012-07-13 14:52:32 UTC (rev 13732)
+++ trunk/openvas-plugins/scripts/gb_VMSA-2012-0011.nasl 2012-07-13 16:14:22 UTC (rev 13733)
@@ -33,7 +33,7 @@
script_name("VMSA-2012-0011 VMware Workstation, Player, Fusion, ESXi and ESX patches address security issues.");
desc = "Overview:
-The remote ESXi is missing one or more security related Updates from VMSA-2012-0010.
+The remote ESXi is missing one or more security related Updates from VMSA-2012-0011.
Summary
VMware Workstation, Player, Fusion, ESXi and ESX patches address security issues.
Added: trunk/openvas-plugins/scripts/gb_VMSA-2012-0012.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_VMSA-2012-0012.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/gb_VMSA-2012-0012.nasl 2012-07-13 16:14:22 UTC (rev 13733)
@@ -0,0 +1,95 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# VMSA-2012-0012 VMware ESXi update addresses several security issues.
+#
+# Authors:
+# Michael Meyer <michael.meyer at greenbone.net>
+#
+# Copyright:
+# Copyright (c) 2012 Greenbone Networks GmbH
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if (description)
+{
+ script_id(103517);
+ script_cve_id("CVE-2010-4008","CVE-2010-4494","CVE-2011-0216","CVE-2011-1944","CVE-2011-2821","CVE-2011-2834","CVE-2011-3905","CVE-2011-3919","CVE-2012-0841");
+ script_tag(name:"cvss_base", value:"10.0");
+ script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
+ script_version ("$Revision$");
+ script_name("VMSA-2012-0012 VMware ESXi update addresses several security issues.");
+
+desc = "Overview:
+The remote ESXi is missing one or more security related Updates from VMSA-2012-0012.
+
+Summary
+VMware ESXi update addresses several security issues.
+
+Relevant releases
+ESX 5.0 without patch ESXi500-201207101-SG
+
+Problem Description
+
+a. ESXi update to third party component libxml2
+
+The libxml2 third party library has been updated which addresses multiple security issues.
+
+Solution
+Apply the missing patch(es).
+
+See also:
+http://www.vmware.com/security/advisories/VMSA-2012-0012.html";
+
+ script_tag(name:"risk_factor", value:"Critical");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-07-13 17:02:01 +0100 (Fri, 13 Jul 2012)");
+ script_description(desc);
+ script_summary("Checks for installed patches.");
+ script_category(ACT_GATHER_INFO);
+ script_family("VMware Local Security Checks");
+ script_copyright("This script is Copyright (C) 2012 Greenbone Networks GmbH");
+ script_dependencies("gb_vmware_esxi_init.nasl");
+ script_require_keys("VMware/ESXi/LSC","VMware/ESX/version");
+ exit(0);
+}
+
+include("vmware_esx.inc");
+include("version_func.inc");
+
+if(!get_kb_item('VMware/ESXi/LSC'))exit(0);
+if(! esxVersion = get_kb_item("VMware/ESX/version"))exit(0);
+
+patches = make_array("5.0.0","VIB:esx-base:5.0.0-1.18.768111");
+
+if(!patches[esxVersion])exit(0);
+
+if(_esxi_patch_missing(esxi_version:esxVersion, patch:patches[esxVersion])) {
+
+ security_hole(port:0);
+ exit(0);
+
+}
+
+exit(99);
+
+
+
+
+
+
+
Property changes on: trunk/openvas-plugins/scripts/gb_VMSA-2012-0012.nasl
___________________________________________________________________
Added: svn:keywords
+ Id Revision Date
Modified: trunk/openvas-plugins/scripts/gb_is_human_plugin_cmd_exec_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_is_human_plugin_cmd_exec_vuln.nasl 2012-07-13 14:52:32 UTC (rev 13732)
+++ trunk/openvas-plugins/scripts/gb_is_human_plugin_cmd_exec_vuln.nasl 2012-07-13 16:14:22 UTC (rev 13733)
@@ -24,9 +24,12 @@
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
+SCRIPT_OID = "1.3.6.1.4.1.25623.1.0.802021";
+CPE = "cpe:/a:wordpress:wordpress";
+
if(description)
{
- script_id(802021);
+ script_oid(SCRIPT_OID);
script_version("$Revision$");
script_tag(name:"last_modification", value:"$Date$");
script_tag(name:"creation_date", value:"2011-05-26 10:47:46 +0200 (Thu, 26 May 2011)");
@@ -79,9 +82,10 @@
include("http_func.inc");
include("version_func.inc");
include("http_keepalive.inc");
+include("host_details.inc");
## Get HTTP Port
-port = get_http_port(default:80);
+port = get_app_port(cpe:CPE, nvt:SCRIPT_OID);
if(!port){
exit(0);
}
@@ -92,7 +96,7 @@
}
## Get WordPress Installed Location
-if(!dir = get_dir_from_kb(port:port, app:"WordPress")){
+if(!dir = get_app_location(cpe:CPE, nvt:SCRIPT_OID, port:port)){
exit(0);
}
Modified: trunk/openvas-plugins/scripts/gb_wordpress_38876.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_wordpress_38876.nasl 2012-07-13 14:52:32 UTC (rev 13732)
+++ trunk/openvas-plugins/scripts/gb_wordpress_38876.nasl 2012-07-13 16:14:22 UTC (rev 13733)
@@ -24,9 +24,12 @@
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
+SCRIPT_OID = "1.3.6.1.4.1.25623.1.0.100549";
+CPE = "cpe:/a:wordpress:wordpress";
+
if (description)
{
- script_id(100549);
+ script_oid(SCRIPT_OID);
script_version("$Revision$");
script_tag(name:"last_modification", value:"$Date$");
script_tag(name:"creation_date", value:"2010-03-24 17:54:30 +0100 (Wed, 24 Mar 2010)");
@@ -64,13 +67,14 @@
include("http_func.inc");
include("version_func.inc");
+include("host_details.inc");
-port = get_http_port(default:80);
+if(!port = get_app_port(cpe:CPE, nvt:SCRIPT_OID))exit(0);
if(!get_port_state(port))exit(0);
if (!can_host_php(port:port)) exit(0);
-if(vers = get_version_from_kb(port:port,app:"WordPress")) {
+if(vers = get_app_version(cpe:CPE, nvt:SCRIPT_OID, port:port)) {
if(version_is_less_equal(version: vers, test_version: "2.9.2")) {
security_warning(port:port);
Modified: trunk/openvas-plugins/scripts/gb_wordpress_45294.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_wordpress_45294.nasl 2012-07-13 14:52:32 UTC (rev 13732)
+++ trunk/openvas-plugins/scripts/gb_wordpress_45294.nasl 2012-07-13 16:14:22 UTC (rev 13733)
@@ -24,9 +24,12 @@
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
+SCRIPT_OID = "1.3.6.1.4.1.25623.1.0.100944";
+CPE = "cpe:/a:wordpress:wordpress";
+
if (description)
{
- script_id(100944);
+ script_oid(SCRIPT_OID);
script_version("$Revision$");
script_tag(name:"last_modification", value:"$Date$");
script_tag(name:"creation_date", value:"2010-12-10 13:28:59 +0100 (Fri, 10 Dec 2010)");
@@ -75,13 +78,14 @@
include("http_func.inc");
include("http_keepalive.inc");
include("version_func.inc");
+include("host_details.inc");
-port = get_http_port(default:80);
+if(!port = get_app_port(cpe:CPE, nvt:SCRIPT_OID))exit(0);
if(!get_port_state(port))exit(0);
if(!can_host_php(port:port))exit(0);
-if(!dir = get_dir_from_kb(port:port, app:"WordPress")) {
- if(!dir = get_dir_from_kb(port:port, app:"WordPress-Mu"))exit(0);
+if(!dir = get_app_location(cpe:CPE, nvt:SCRIPT_OID, port:port)) {
+ if(!dir = get_app_location(cpe:"cpe:/a:wordpress:wordpress_mu", nvt:SCRIPT_OID, port:port))exit(0);
}
Modified: trunk/openvas-plugins/scripts/gb_wordpress_49259.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_wordpress_49259.nasl 2012-07-13 14:52:32 UTC (rev 13732)
+++ trunk/openvas-plugins/scripts/gb_wordpress_49259.nasl 2012-07-13 16:14:22 UTC (rev 13733)
@@ -24,9 +24,12 @@
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
+SCRIPT_OID = "1.3.6.1.4.1.25623.1.0.103218";
+CPE = "cpe:/a:wordpress:wordpress";
+
if (description)
{
- script_id(103218);
+ script_oid(SCRIPT_OID);
script_version("$Revision$");
script_tag(name:"last_modification", value:"$Date$");
script_tag(name:"creation_date", value:"2011-08-22 16:04:33 +0200 (Mon, 22 Aug 2011)");
@@ -69,12 +72,12 @@
include("http_keepalive.inc");
include("version_func.inc");
-port = get_http_port(default:80);
+if(!port = get_app_port(cpe:CPE, nvt:SCRIPT_OID))exit(0);
if(!get_port_state(port))exit(0);
if(!can_host_php(port:port))exit(0);
-if(!dir = get_dir_from_kb(port:port, app:"WordPress"))exit(0);
+if(!dir = get_app_location(cpe:CPE, nvt:SCRIPT_OID, port:port))exit(0);
files = traversal_files();
Modified: trunk/openvas-plugins/scripts/gb_wordpress_49271.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_wordpress_49271.nasl 2012-07-13 14:52:32 UTC (rev 13732)
+++ trunk/openvas-plugins/scripts/gb_wordpress_49271.nasl 2012-07-13 16:14:22 UTC (rev 13733)
@@ -24,9 +24,12 @@
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
+SCRIPT_OID = "1.3.6.1.4.1.25623.1.0.103221";
+CPE = "cpe:/a:wordpress:wordpress";
+
if (description)
{
- script_id(103221);
+ script_oid(SCRIPT_OID);
script_version("$Revision$");
script_tag(name:"last_modification", value:"$Date$");
script_tag(name:"creation_date", value:"2011-08-23 15:25:10 +0200 (Tue, 23 Aug 2011)");
@@ -73,12 +76,12 @@
include("http_keepalive.inc");
include("version_func.inc");
-port = get_http_port(default:80);
+if(!port = get_app_port(cpe:CPE, nvt:SCRIPT_OID))exit(0);
if(!get_port_state(port))exit(0);
if(!can_host_php(port:port))exit(0);
-if(!dir = get_dir_from_kb(port:port, app:"WordPress"))exit(0);
+if(!dir = get_app_location(cpe:CPE, nvt:SCRIPT_OID, port:port))exit(0);
files = traversal_files();
Modified: trunk/openvas-plugins/scripts/gb_wordpress_49665.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_wordpress_49665.nasl 2012-07-13 14:52:32 UTC (rev 13732)
+++ trunk/openvas-plugins/scripts/gb_wordpress_49665.nasl 2012-07-13 16:14:22 UTC (rev 13733)
@@ -24,9 +24,12 @@
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
+SCRIPT_OID = "1.3.6.1.4.1.25623.1.0.103259";
+CPE = "cpe:/a:wordpress:wordpress";
+
if (description)
{
- script_id(103259);
+ script_oid(SCRIPT_OID);
script_version("$Revision$");
script_tag(name:"last_modification", value:"$Date$");
script_tag(name:"creation_date", value:"2011-09-19 14:00:59 +0200 (Mon, 19 Sep 2011)");
@@ -69,12 +72,13 @@
include("http_keepalive.inc");
include("version_func.inc");
-port = get_http_port(default:80);
+if(!port = get_app_port(cpe:CPE, nvt:SCRIPT_OID))exit(0);
if(!get_port_state(port))exit(0);
if(!can_host_php(port:port))exit(0);
-if(!dir = get_dir_from_kb(port:port,app:"WordPress"))exit(0);
+if(!dir = get_app_location(cpe:CPE, nvt:SCRIPT_OID, port:port))exit(0);
+
url = string(dir, "/wp-content/plugins/count-per-day/notes.php?month=-1%20UNION%20ALL%20SELECT%201,2,0x4f70656e5641532d53514c2d496e6a656374696f6e2d54657374--");
if(http_vuln_check(port:port, url:url,pattern:"OpenVAS-SQL-Injection-Test")) {
Modified: trunk/openvas-plugins/scripts/gb_wordpress_49669.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_wordpress_49669.nasl 2012-07-13 14:52:32 UTC (rev 13732)
+++ trunk/openvas-plugins/scripts/gb_wordpress_49669.nasl 2012-07-13 16:14:22 UTC (rev 13733)
@@ -24,9 +24,12 @@
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
+SCRIPT_OID = "1.3.6.1.4.1.25623.1.0.103258";
+CPE = "cpe:/a:wordpress:wordpress";
+
if (description)
{
- script_id(103258);
+ script_oid(SCRIPT_OID);
script_version("$Revision$");
script_tag(name:"last_modification", value:"$Date$");
script_tag(name:"creation_date", value:"2011-09-19 14:00:59 +0200 (Mon, 19 Sep 2011)");
@@ -69,12 +72,12 @@
include("http_keepalive.inc");
include("version_func.inc");
-port = get_http_port(default:80);
+if(!port = get_app_port(cpe:CPE, nvt:SCRIPT_OID))exit(0);
if(!get_port_state(port))exit(0);
if(!can_host_php(port:port))exit(0);
-if(!dir = get_dir_from_kb(port:port,app:"WordPress"))exit(0);
+if(!dir = get_app_location(cpe:CPE, nvt:SCRIPT_OID, port:port))exit(0);
url = string(dir,"/wp-content/plugins/filedownload/download.php/?path=../../../wp-config.php ");
if(http_vuln_check(port:port, url:url,pattern:"DB_NAME",extra_check:make_list("DB_USER","DB_PASSWORD","DB_HOST"))) {
Modified: trunk/openvas-plugins/scripts/gb_wordpress_49685.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_wordpress_49685.nasl 2012-07-13 14:52:32 UTC (rev 13732)
+++ trunk/openvas-plugins/scripts/gb_wordpress_49685.nasl 2012-07-13 16:14:22 UTC (rev 13733)
@@ -24,9 +24,12 @@
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
+SCRIPT_OID = "1.3.6.1.4.1.25623.1.0.103287";
+CPE = "cpe:/a:wordpress:wordpress";
+
if (description)
{
- script_id(103287);
+ script_oid(SCRIPT_OID);
script_version("$Revision$");
script_tag(name:"last_modification", value:"$Date$");
script_tag(name:"creation_date", value:"2011-10-06 13:32:57 +0200 (Thu, 06 Oct 2011)");
@@ -70,11 +73,11 @@
include("http_keepalive.inc");
include("version_func.inc");
-port = get_http_port(default:80);
+if(!port = get_app_port(cpe:CPE, nvt:SCRIPT_OID))exit(0);
if(!get_port_state(port))exit(0);
if(!can_host_php(port:port))exit(0);
-if(!dir = get_dir_from_kb(port:port, app:"WordPress"))exit(0);
+if(!dir = get_app_location(cpe:CPE, nvt:SCRIPT_OID, port:port))exit(0);
files = traversal_files();
foreach file (keys(files)) {
Modified: trunk/openvas-plugins/scripts/gb_wordpress_49688.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_wordpress_49688.nasl 2012-07-13 14:52:32 UTC (rev 13732)
+++ trunk/openvas-plugins/scripts/gb_wordpress_49688.nasl 2012-07-13 16:14:22 UTC (rev 13733)
@@ -24,9 +24,12 @@
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
+SCRIPT_OID = "1.3.6.1.4.1.25623.1.0.103261";
+CPE = "cpe:/a:wordpress:wordpress";
+
if (description)
{
- script_id(103261);
+ script_oid(SCRIPT_OID);
script_version("$Revision$");
script_tag(name:"last_modification", value:"$Date$");
script_tag(name:"creation_date", value:"2011-09-20 13:31:33 +0200 (Tue, 20 Sep 2011)");
@@ -69,11 +72,11 @@
include("http_keepalive.inc");
include("version_func.inc");
-port = get_http_port(default:80);
+if(!port = get_app_port(cpe:CPE, nvt:SCRIPT_OID))exit(0);
if(!get_port_state(port))exit(0);
if(!can_host_php(port:port))exit(0);
-if(!dir = get_dir_from_kb(port:port, app:"WordPress"))exit(0);
+if(!dir = get_app_location(cpe:CPE, nvt:SCRIPT_OID, port:port))exit(0);
files = traversal_files();
Modified: trunk/openvas-plugins/scripts/gb_wordpress_49689.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_wordpress_49689.nasl 2012-07-13 14:52:32 UTC (rev 13732)
+++ trunk/openvas-plugins/scripts/gb_wordpress_49689.nasl 2012-07-13 16:14:22 UTC (rev 13733)
@@ -24,9 +24,12 @@
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
+SCRIPT_OID = "1.3.6.1.4.1.25623.1.0.103262";
+CPE = "cpe:/a:wordpress:wordpress";
+
if (description)
{
- script_id(103262);
+ script_oid(SCRIPT_OID);
script_version("$Revision$");
script_tag(name:"last_modification", value:"$Date$");
script_tag(name:"creation_date", value:"2011-09-20 13:31:33 +0200 (Tue, 20 Sep 2011)");
@@ -69,11 +72,11 @@
include("http_keepalive.inc");
include("version_func.inc");
-port = get_http_port(default:80);
+if(!port = get_app_port(cpe:CPE, nvt:SCRIPT_OID))exit(0);
if(!get_port_state(port))exit(0);
if(!can_host_php(port:port))exit(0);
-if(!dir = get_dir_from_kb(port:port, app:"WordPress"))exit(0);
+if(!dir = get_app_location(cpe:CPE, nvt:SCRIPT_OID, port:port))exit(0);
files = traversal_files();
Modified: trunk/openvas-plugins/scripts/gb_wordpress_49691.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_wordpress_49691.nasl 2012-07-13 14:52:32 UTC (rev 13732)
+++ trunk/openvas-plugins/scripts/gb_wordpress_49691.nasl 2012-07-13 16:14:22 UTC (rev 13733)
@@ -24,9 +24,12 @@
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
+SCRIPT_OID = "1.3.6.1.4.1.25623.1.0.103267";
+CPE = "cpe:/a:wordpress:wordpress";
+
if (description)
{
- script_id(103267);
+ script_oid(SCRIPT_OID);
script_version("$Revision$");
script_tag(name:"last_modification", value:"$Date$");
script_tag(name:"creation_date", value:"2011-09-22 13:43:24 +0200 (Thu, 22 Sep 2011)");
@@ -69,12 +72,12 @@
include("http_keepalive.inc");
include("version_func.inc");
-port = get_http_port(default:80);
+if(!port = get_app_port(cpe:CPE, nvt:SCRIPT_OID))exit(0);
if(!get_port_state(port))exit(0);
if(!can_host_php(port:port))exit(0);
-if(!dir = get_dir_from_kb(port:port, app:"WordPress"))exit(0);
+if(!dir = get_app_location(cpe:CPE, nvt:SCRIPT_OID, port:port))exit(0);
files = traversal_files();
foreach file (keys(files)) {
Modified: trunk/openvas-plugins/scripts/gb_wordpress_49713.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_wordpress_49713.nasl 2012-07-13 14:52:32 UTC (rev 13732)
+++ trunk/openvas-plugins/scripts/gb_wordpress_49713.nasl 2012-07-13 16:14:22 UTC (rev 13733)
@@ -24,9 +24,12 @@
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
+SCRIPT_OID = "1.3.6.1.4.1.25623.1.0.103264";
+CPE = "cpe:/a:wordpress:wordpress";
+
if (description)
{
- script_id(103264);
+ script_oid(SCRIPT_OID);
script_version("$Revision$");
script_tag(name:"last_modification", value:"$Date$");
script_tag(name:"creation_date", value:"2011-09-22 13:43:24 +0200 (Thu, 22 Sep 2011)");
@@ -73,12 +76,12 @@
include("http_keepalive.inc");
include("version_func.inc");
-port = get_http_port(default:80);
+if(!port = get_app_port(cpe:CPE, nvt:SCRIPT_OID))exit(0);
if(!get_port_state(port))exit(0);
if(!can_host_php(port:port))exit(0);
-if(!dir = get_dir_from_kb(port:port, app:"WordPress"))exit(0);
+if(!dir = get_app_location(cpe:CPE, nvt:SCRIPT_OID, port:port))exit(0);
files = traversal_files();
Modified: trunk/openvas-plugins/scripts/gb_wordpress_50080.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_wordpress_50080.nasl 2012-07-13 14:52:32 UTC (rev 13732)
+++ trunk/openvas-plugins/scripts/gb_wordpress_50080.nasl 2012-07-13 16:14:22 UTC (rev 13733)
@@ -24,9 +24,12 @@
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
+SCRIPT_OID = "1.3.6.1.4.1.25623.1.0.103300";
+CPE = "cpe:/a:wordpress:wordpress";
+
if (description)
{
- script_id(103300);
+ script_oid(SCRIPT_OID);
script_version("$Revision$");
script_tag(name:"last_modification", value:"$Date$");
script_tag(name:"creation_date", value:"2011-10-14 12:50:33 +0200 (Fri, 14 Oct 2011)");
@@ -75,12 +78,12 @@
include("http_keepalive.inc");
include("version_func.inc");
-port = get_http_port(default:80);
+if(!port = get_app_port(cpe:CPE, nvt:SCRIPT_OID))exit(0);
if(!get_port_state(port))exit(0);
if(!can_host_php(port:port))exit(0);
-if(!dir = get_dir_from_kb(port:port, app:"WordPress"))exit(0);
+if(!dir = get_app_location(cpe:CPE, nvt:SCRIPT_OID, port:port))exit(0);
files = traversal_files();
foreach file (keys(files)) {
Modified: trunk/openvas-plugins/scripts/gb_wordpress_50105.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_wordpress_50105.nasl 2012-07-13 14:52:32 UTC (rev 13732)
+++ trunk/openvas-plugins/scripts/gb_wordpress_50105.nasl 2012-07-13 16:14:22 UTC (rev 13733)
@@ -24,9 +24,12 @@
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
+SCRIPT_OID = "1.3.6.1.4.1.25623.1.0.103303";
+CPE = "cpe:/a:wordpress:wordpress";
+
if (description)
{
- script_id(103303);
+ script_oid(SCRIPT_OID);
script_version("$Revision$");
script_tag(name:"last_modification", value:"$Date$");
script_tag(name:"creation_date", value:"2011-10-18 13:33:12 +0200 (Tue, 18 Oct 2011)");
@@ -77,11 +80,12 @@
include("http_keepalive.inc");
include("version_func.inc");
-port = get_http_port(default:80);
+if(!port = get_app_port(cpe:CPE, nvt:SCRIPT_OID))exit(0);
+
if(!get_port_state(port))exit(0);
if(!can_host_php(port:port))exit(0);
-if(!dir = get_dir_from_kb(port:port, app:"WordPress"))exit(0);
+if(!dir = get_app_location(cpe:CPE, nvt:SCRIPT_OID, port:port))exit(0);
files = traversal_files();
foreach file (keys(files)) {
Modified: trunk/openvas-plugins/scripts/gb_wordpress_50861.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_wordpress_50861.nasl 2012-07-13 14:52:32 UTC (rev 13732)
+++ trunk/openvas-plugins/scripts/gb_wordpress_50861.nasl 2012-07-13 16:14:22 UTC (rev 13733)
@@ -25,9 +25,12 @@
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
+SCRIPT_OID = "1.3.6.1.4.1.25623.1.0.103351";
+CPE = "cpe:/a:wordpress:wordpress";
+
if (description)
{
- script_id(103351);
+ script_oid(SCRIPT_OID);
script_bugtraq_id(50861);
script_version ("$Revision$");
script_tag(name:"cvss_base", value:"4.3");
@@ -69,12 +72,13 @@
include("http_keepalive.inc");
include("version_func.inc");
-port = get_http_port(default:80);
+if(!port = get_app_port(cpe:CPE, nvt:SCRIPT_OID))exit(0);
+
if(!get_port_state(port))exit(0);
if(!can_host_php(port:port))exit(0);
-if(!dir = get_dir_from_kb(port:port, app:"WordPress"))exit(0);
-
+if(!dir = get_app_location(cpe:CPE, nvt:SCRIPT_OID, port:port))exit(0);
+
url = string(dir, "/wp-content/plugins/flash-album-gallery/facebook.php?i=</script><script>alert(/openvas-xss-test/)</script>");
if(http_vuln_check(port:port, url:url,pattern:"</script><script>alert\(/openvas-xss-test/\)</script>",check_header:TRUE)) {
Modified: trunk/openvas-plugins/scripts/gb_wordpress_50921.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_wordpress_50921.nasl 2012-07-13 14:52:32 UTC (rev 13732)
+++ trunk/openvas-plugins/scripts/gb_wordpress_50921.nasl 2012-07-13 16:14:22 UTC (rev 13733)
@@ -25,9 +25,12 @@
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
+SCRIPT_OID = "1.3.6.1.4.1.25623.1.0.103358";
+CPE = "cpe:/a:wordpress:wordpress";
+
if (description)
{
- script_id(103358);
+ script_oid(SCRIPT_OID);
script_bugtraq_id(50921);
script_version ("$Revision$");
script_tag(name:"cvss_base", value:"4.3");
@@ -71,11 +74,11 @@
include("http_keepalive.inc");
include("version_func.inc");
-port = get_http_port(default:80);
+if(!port = get_app_port(cpe:CPE, nvt:SCRIPT_OID))exit(0);
if(!get_port_state(port))exit(0);
if(!can_host_php(port:port))exit(0);
-if(!dir = get_dir_from_kb(port:port, app:"WordPress"))exit(0);
+if(!dir = get_app_location(cpe:CPE, nvt:SCRIPT_OID, port:port))exit(0);
url = string(dir, '/wp-content/plugins/pretty-link/pretty-bar.php?url="><script>alert(/openvas-xss-test/)</script>');
Modified: trunk/openvas-plugins/scripts/gb_wordpress_51402.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_wordpress_51402.nasl 2012-07-13 14:52:32 UTC (rev 13732)
+++ trunk/openvas-plugins/scripts/gb_wordpress_51402.nasl 2012-07-13 16:14:22 UTC (rev 13733)
@@ -25,9 +25,12 @@
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
+SCRIPT_OID = "1.3.6.1.4.1.25623.1.0.103389";
+CPE = "cpe:/a:wordpress:wordpress";
+
if (description)
{
- script_id(103389);
+ script_oid(SCRIPT_OID);
script_bugtraq_id(51402);
script_version ("$Revision$");
script_tag(name:"cvss_base", value:"5.0");
@@ -74,12 +77,12 @@
include("http_keepalive.inc");
include("version_func.inc");
-port = get_http_port(default:80);
+if(!port = get_app_port(cpe:CPE, nvt:SCRIPT_OID))exit(0);
if(!get_port_state(port))exit(0);
if(!can_host_php(port:port))exit(0);
-if(!dir = get_dir_from_kb(port:port,app:"WordPress"))exit(0);
+if(!dir = get_app_location(cpe:CPE, nvt:SCRIPT_OID, port:port))exit(0);
files = traversal_files();
foreach file (keys(files)) {
Modified: trunk/openvas-plugins/scripts/gb_wordpress_52986.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_wordpress_52986.nasl 2012-07-13 14:52:32 UTC (rev 13732)
+++ trunk/openvas-plugins/scripts/gb_wordpress_52986.nasl 2012-07-13 16:14:22 UTC (rev 13733)
@@ -25,9 +25,12 @@
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
+SCRIPT_OID = "1.3.6.1.4.1.25623.1.0.103463";
+CPE = "cpe:/a:wordpress:wordpress";
+
if (description)
{
- script_id(103463);
+ script_oid(SCRIPT_OID);
script_bugtraq_id(52986);
script_cve_id("CVE-2012-1835");
script_version ("$Revision$");
@@ -75,12 +78,12 @@
include("version_func.inc");
include("http_keepalive.inc");
-port = get_http_port(default:80);
+if(!port = get_app_port(cpe:CPE, nvt:SCRIPT_OID))exit(0);
if(!get_port_state(port))exit(0);
if(!can_host_php(port:port))exit(0);
-if(!dir = get_dir_from_kb(port:port, app:"WordPress"))exit(0);
+if(!dir = get_app_location(cpe:CPE, nvt:SCRIPT_OID, port:port))exit(0);
url = string(dir, "/wp-content/plugins/all-in-one-event-calendar/app/view/save_successful.php?msg=<script>alert(/openvas-xss-test/);</script>");
Added: trunk/openvas-plugins/scripts/gb_wordpress_54413.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_wordpress_54413.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/gb_wordpress_54413.nasl 2012-07-13 16:14:22 UTC (rev 13733)
@@ -0,0 +1,116 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# WordPress Global Content Blocks PHP Code Execution and Information Disclosure Vulnerabilities
+#
+# Authors:
+# Michael Meyer <michael.meyer at greenbone.net>
+#
+# Copyright:
+# Copyright (c) 2012 Greenbone Networks GmbH
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+SCRIPT_OID = "1.3.6.1.4.1.25623.1.0.103516";
+CPE = "cpe:/a:wordpress:wordpress";
+
+if (description)
+{
+ script_oid(SCRIPT_OID);
+ script_bugtraq_id(54413);
+ script_tag(name:"cvss_base", value:"7.5");
+ script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/AU:N/C:P/I:P/A:P");
+ script_version ("$Revision$");
+
+ script_name("WordPress Global Content Blocks PHP Code Execution and Information Disclosure Vulnerabilities");
+
+desc = "Overview:
+Global Content Blocks is prone to multiple security vulnerabilities,
+including a remote PHP code-execution vulnerability and multiple information-
+disclosure vulnerability.
+
+Successful exploits of these issues may allow remote attackers to
+execute arbitrary malicious PHP code in the context of the application
+or obtain potentially sensitive information.
+
+Global Content Blocks 1.5.1 is vulnerable; other versions may also
+be affected.
+
+Solution:
+Updates are available. Please see the references for details.
+
+References:
+http://www.securityfocus.com/bid/54413
+http://www.wordpress.org/
+http://www.securelist.com/en/advisories/49854";
+
+ script_tag(name:"risk_factor", value:"High");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-07-13 11:23:37 +0200 (Fri, 13 Jul 2012)");
+ script_description(desc);
+ script_summary("Determine if creation of a code block is possible");
+ script_category(ACT_GATHER_INFO);
+ script_family("Web application abuses");
+ script_copyright("This script is Copyright (C) 2012 Greenbone Networks GmbH");
+ script_dependencies("secpod_wordpress_detect_900182.nasl");
+ script_require_ports("Services/www", 80);
+ script_exclude_keys("Settings/disable_cgi_scanning");
+ script_require_keys("wordpress/installed");
+ exit(0);
+}
+
+include("http_func.inc");
+include("host_details.inc");
+include("http_keepalive.inc");
+include("global_settings.inc");
+
+if(!port = get_app_port(cpe:CPE, nvt:SCRIPT_OID))exit(0);
+if(!get_port_state(port))exit(0);
+
+if(!dir = get_app_location(cpe:CPE, nvt:SCRIPT_OID, port:port))exit(0);
+
+url = dir + '/wp-content/plugins/global-content-blocks/resources/tinymce/gcb_ajax_add.php';
+
+host = get_host_name();
+ex = 'name=openvas_test&content=openvas_test&description=openvas_test&type=php';
+
+len = strlen(ex);
+
+req = string("POST ",url, " HTTP/1.1\r\n",
+ "Host: ", host,"\r\n",
+ "Content-Type: application/x-www-form-urlencoded\r\n",
+ "Content-Length:",len,"\r\n",
+ "\r\n",
+ ex);
+
+
+result = http_keepalive_send_recv(port:port, data:req, bodyonly:FALSE);
+
+if("openvas_test" >!< result && "php.png" >!< result)exit(0);
+
+id = eregmatch(pattern:'"id":([0-9]+)',string:result);
+if(isnull(id[1]))exit(0);
+
+url = dir + '/wp-content/plugins/global-content-blocks/gcb/gcb_export.php?gcb=' + id[1];
+
+if(http_vuln_check(port:port, url:url, pattern:"b3BlbnZhc190ZXN0")) {
+ security_hole(port:port);
+ exit(0);
+}
+
+exit(0);
+
Property changes on: trunk/openvas-plugins/scripts/gb_wordpress_54413.nasl
___________________________________________________________________
Added: svn:keywords
+ Id Revision Date
Modified: trunk/openvas-plugins/scripts/gb_wordpress_asset_manager_file_upload_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_wordpress_asset_manager_file_upload_vuln.nasl 2012-07-13 14:52:32 UTC (rev 13732)
+++ trunk/openvas-plugins/scripts/gb_wordpress_asset_manager_file_upload_vuln.nasl 2012-07-13 16:14:22 UTC (rev 13733)
@@ -24,9 +24,12 @@
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
+SCRIPT_OID = "1.3.6.1.4.1.25623.1.0.802637";
+CPE = "cpe:/a:wordpress:wordpress";
+
if(description)
{
- script_id(802637);
+ script_oid(SCRIPT_OID);
script_version("$Revision$");
script_bugtraq_id(53809);
script_tag(name:"cvss_base", value:"7.5");
@@ -80,6 +83,7 @@
include("http_func.inc");
include("version_func.inc");
include("http_keepalive.inc");
+include("host_details.inc");
function upload_file(url, file, ex, len)
{
@@ -105,7 +109,7 @@
port = 0;
## Get HTTP Port
-port = get_http_port(default: 80);
+if(!port = get_app_port(cpe:CPE, nvt:SCRIPT_OID))exit(0);
## Check Port State
if(! get_port_state(port)){
@@ -118,9 +122,7 @@
}
## Get WordPress Installed Location
-if(!dir = get_dir_from_kb(port:port, app:"WordPress")){
- exit(0);
-}
+if(!dir = get_app_location(cpe:CPE, nvt:SCRIPT_OID, port:port))exit(0);
## Construct attack request
file = "ov-file-upload-test.php";
Modified: trunk/openvas-plugins/scripts/gb_wordpress_cartpress_plugin_xss_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_wordpress_cartpress_plugin_xss_vuln.nasl 2012-07-13 14:52:32 UTC (rev 13732)
+++ trunk/openvas-plugins/scripts/gb_wordpress_cartpress_plugin_xss_vuln.nasl 2012-07-13 16:14:22 UTC (rev 13733)
@@ -24,9 +24,12 @@
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
+SCRIPT_OID = "1.3.6.1.4.1.25623.1.0.802554";
+CPE = "cpe:/a:wordpress:wordpress";
+
if(description)
{
- script_id(802554);
+ script_oid(SCRIPT_OID);
script_version("$Revision$");
script_tag(name:"cvss_base", value:"4.3");
script_tag(name:"risk_factor", value:"Medium");
@@ -78,22 +81,17 @@
include("http_func.inc");
include("version_func.inc");
include("http_keepalive.inc");
+include("host_details.inc");
## Get HTTP Port
-port = get_http_port(default:80);
-if(!port){
- exit(0);
-}
-
+if(!port = get_app_port(cpe:CPE, nvt:SCRIPT_OID))exit(0);
## Check Host Supports PHP
if(!can_host_php(port:port)){
exit(0);
}
## Get WordPress Installed Location
-if(!dir = get_dir_from_kb(port:port, app:"WordPress")){
- exit(0);
-}
+if(!dir = get_app_location(cpe:CPE, nvt:SCRIPT_OID, port:port))exit(0);
## Construct the Attack Request
url = dir + '/wp-content/plugins/thecartpress/admin/OptionsPostsList.php?' +
Modified: trunk/openvas-plugins/scripts/gb_wordpress_comment_rating_plugin_mult_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_wordpress_comment_rating_plugin_mult_vuln.nasl 2012-07-13 14:52:32 UTC (rev 13732)
+++ trunk/openvas-plugins/scripts/gb_wordpress_comment_rating_plugin_mult_vuln.nasl 2012-07-13 16:14:22 UTC (rev 13733)
@@ -24,9 +24,12 @@
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
+SCRIPT_OID = "1.3.6.1.4.1.25623.1.0.802289";
+CPE = "cpe:/a:wordpress:wordpress";
+
if(description)
{
- script_id(802289);
+ script_oid(802289);
script_version("$Revision$");
script_bugtraq_id(51241);
script_tag(name:"cvss_base", value:"7.5");
@@ -83,12 +86,10 @@
include("http_func.inc");
include("version_func.inc");
include("http_keepalive.inc");
+include("host_details.inc");
## Get HTTP Port
-port = get_http_port(default:80);
-if(!port){
- exit(0);
-}
+if(!port = get_app_port(cpe:CPE, nvt:SCRIPT_OID))exit(0);
## Check Host Supports PHP
if(!can_host_php(port:port)){
@@ -96,9 +97,7 @@
}
## Get WordPress Location
-if(!dir = get_dir_from_kb(port:port, app:"WordPress")){
- exit(0);
-}
+if(!dir = get_app_location(cpe:CPE, nvt:SCRIPT_OID, port:port))exit(0);
## Construct attack request
url = dir + "/wp-content/plugins/comment-rating/ck-processkarma.php?id=2"+
Modified: trunk/openvas-plugins/scripts/gb_wordpress_comment_rating_plugin_sql_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_wordpress_comment_rating_plugin_sql_vuln.nasl 2012-07-13 14:52:32 UTC (rev 13732)
+++ trunk/openvas-plugins/scripts/gb_wordpress_comment_rating_plugin_sql_vuln.nasl 2012-07-13 16:14:22 UTC (rev 13733)
@@ -24,9 +24,12 @@
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
+SCRIPT_OID = "1.3.6.1.4.1.25623.1.0.802005";
+CPE = "cpe:/a:wordpress:wordpress";
+
if(description)
{
- script_id(802005);
+ script_oid(SCRIPT_OID);
script_version("$Revision$");
script_tag(name:"last_modification", value:"$Date$");
script_tag(name:"creation_date", value:"2011-03-10 13:33:28 +0100 (Thu, 10 Mar 2011)");
@@ -80,12 +83,11 @@
include("http_func.inc");
include("version_func.inc");
include("http_keepalive.inc");
+include("host_details.inc");
+
## Get HTTP Port
-port = get_http_port(default:80);
-if(!port){
- exit(0);
-}
+if(!port = get_app_port(cpe:CPE, nvt:SCRIPT_OID))exit(0);
## Check Host Supports PHP
if(!can_host_php(port:port)){
@@ -93,9 +95,7 @@
}
## Get WordPress Installed Location
-if(!dir = get_dir_from_kb(port:port, app:"WordPress")){
- exit(0);
-}
+if(!dir = get_app_location(cpe:CPE, nvt:SCRIPT_OID, port:port))exit(0);
## Construct the Attack Request
url = dir + "/wp-content/plugins/comment-rating/ck-processkarma.php?" +
Modified: trunk/openvas-plugins/scripts/gb_wordpress_foxypress_file_upload_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_wordpress_foxypress_file_upload_vuln.nasl 2012-07-13 14:52:32 UTC (rev 13732)
+++ trunk/openvas-plugins/scripts/gb_wordpress_foxypress_file_upload_vuln.nasl 2012-07-13 16:14:22 UTC (rev 13733)
@@ -24,9 +24,12 @@
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
+SCRIPT_OID = "1.3.6.1.4.1.25623.1.0.802638";
+CPE = "cpe:/a:wordpress:wordpress";
+
if(description)
{
- script_id(802638);
+ script_oid(SCRIPT_OID);
script_version("$Revision$");
script_bugtraq_id(53805);
script_tag(name:"cvss_base", value:"7.5");
@@ -80,7 +83,9 @@
include("http_func.inc");
include("version_func.inc");
include("http_keepalive.inc");
+include("host_details.inc");
+
## Variable Initialization
req = "";
res = "";
@@ -88,7 +93,7 @@
path = NULL;
## Get HTTP Port
-port = get_http_port(default: 80);
+if(!port = get_app_port(cpe:CPE, nvt:SCRIPT_OID))exit(0);
## Check Port State
if(! get_port_state(port)){
@@ -101,9 +106,7 @@
}
## Get WordPress Installed Location
-if(!dir = get_dir_from_kb(port:port, app:"WordPress")){
- exit(0);
-}
+if(!dir = get_app_location(cpe:CPE, nvt:SCRIPT_OID, port:port))exit(0);
## Construct attack request
file = "ov-file-upload-test.php";
Modified: trunk/openvas-plugins/scripts/gb_wordpress_gd_star_rating_plugin_sql_inj_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_wordpress_gd_star_rating_plugin_sql_inj_vuln.nasl 2012-07-13 14:52:32 UTC (rev 13732)
+++ trunk/openvas-plugins/scripts/gb_wordpress_gd_star_rating_plugin_sql_inj_vuln.nasl 2012-07-13 16:14:22 UTC (rev 13733)
@@ -24,9 +24,12 @@
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
+SCRIPT_OID = "1.3.6.1.4.1.25623.1.0.802204";
+CPE = "cpe:/a:wordpress:wordpress";
+
if(description)
{
- script_id(802204);
+ script_oid(SCRIPT_OID);
script_version("$Revision$");
script_tag(name:"last_modification", value:"$Date$");
script_tag(name:"creation_date", value:"2011-06-13 15:28:04 +0200 (Mon, 13 Jun 2011)");
@@ -79,12 +82,11 @@
include("http_func.inc");
include("version_func.inc");
include("http_keepalive.inc");
+include("host_details.inc");
+
## Get HTTP Port
-port = get_http_port(default:80);
-if(!port){
- exit(0);
-}
+if(!port = get_app_port(cpe:CPE, nvt:SCRIPT_OID))exit(0);
## Check Host Supports PHP
if(!can_host_php(port:port)){
@@ -92,9 +94,7 @@
}
## Get WordPress Location
-if(!dir = get_dir_from_kb(port:port, app:"WordPress")){
- exit(0);
-}
+if(!dir = get_app_location(cpe:CPE, nvt:SCRIPT_OID, port:port))exit(0);
## Construct attack request
url = string(dir,"/wp-content/plugins/gd-star-rating/ajax.php?vote_type=cache",
Modified: trunk/openvas-plugins/scripts/gb_wordpress_grand_fia_gallery_plugin_dir_trav_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_wordpress_grand_fia_gallery_plugin_dir_trav_vuln.nasl 2012-07-13 14:52:32 UTC (rev 13732)
+++ trunk/openvas-plugins/scripts/gb_wordpress_grand_fia_gallery_plugin_dir_trav_vuln.nasl 2012-07-13 16:14:22 UTC (rev 13733)
@@ -24,9 +24,12 @@
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
+SCRIPT_OID = "1.3.6.1.4.1.25623.1.0.802015";
+CPE = "cpe:/a:wordpress:wordpress";
+
if(description)
{
- script_id(802015);
+ script_oid(SCRIPT_OID);
script_version("$Revision$");
script_tag(name:"last_modification", value:"$Date$");
script_tag(name:"creation_date", value:"2011-04-22 16:38:12 +0200 (Fri, 22 Apr 2011)");
@@ -88,12 +91,11 @@
include("http_func.inc");
include("version_func.inc");
include("http_keepalive.inc");
+include("host_details.inc");
+
## Get HTTP Port
-port = get_http_port(default:80);
-if(!port){
- exit(0);
-}
+if(!port = get_app_port(cpe:CPE, nvt:SCRIPT_OID))exit(0);
## Check Host Supports PHP
if(!can_host_php(port:port)){
@@ -107,9 +109,7 @@
}
## Get WordPress Installed Location
-if(!dir = get_dir_from_kb(port:port, app:"WordPress")){
- exit(0);
-}
+if(!dir = get_app_location(cpe:CPE, nvt:SCRIPT_OID, port:port))exit(0);
## Post Data
postData = "want2Read=..%2F..%2F..%2F..%2Fwp-config.php&submit=submit";
Modified: trunk/openvas-plugins/scripts/gb_wordpress_html5_av_mgr_file_upload_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_wordpress_html5_av_mgr_file_upload_vuln.nasl 2012-07-13 14:52:32 UTC (rev 13732)
+++ trunk/openvas-plugins/scripts/gb_wordpress_html5_av_mgr_file_upload_vuln.nasl 2012-07-13 16:14:22 UTC (rev 13733)
@@ -24,9 +24,12 @@
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
+SCRIPT_OID = "1.3.6.1.4.1.25623.1.0.802639";
+CPE = "cpe:/a:wordpress:wordpress";
+
if(description)
{
- script_id(802639);
+ script_oid(SCRIPT_OID);
script_version("$Revision$");
script_bugtraq_id(53804);
script_tag(name:"cvss_base", value:"7.5");
@@ -80,7 +83,9 @@
include("http_func.inc");
include("version_func.inc");
include("http_keepalive.inc");
+include("host_details.inc");
+
function upload_file(url, file, ex, len)
{
return string(
@@ -105,8 +110,9 @@
port = 0;
## Get HTTP Port
-port = get_http_port(default: 80);
+if(!port = get_app_port(cpe:CPE, nvt:SCRIPT_OID))exit(0);
+
## Check Port State
if(! get_port_state(port)){
exit(0);
@@ -118,9 +124,7 @@
}
## Get WordPress Installed Location
-if(!dir = get_dir_from_kb(port:port, app:"WordPress")){
- exit(0);
-}
+if(!dir = get_app_location(cpe:CPE, nvt:SCRIPT_OID, port:port))exit(0);
## Construct attack request
file = "ov-file-upload-test.php";
Modified: trunk/openvas-plugins/scripts/gb_wordpress_iframe_admin_pages_plugin_xss_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_wordpress_iframe_admin_pages_plugin_xss_vuln.nasl 2012-07-13 14:52:32 UTC (rev 13732)
+++ trunk/openvas-plugins/scripts/gb_wordpress_iframe_admin_pages_plugin_xss_vuln.nasl 2012-07-13 16:14:22 UTC (rev 13733)
@@ -24,9 +24,12 @@
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
+SCRIPT_OID = "1.3.6.1.4.1.25623.1.0.802855";
+CPE = "cpe:/a:wordpress:wordpress";
+
if(description)
{
- script_id(802855);
+ script_oid(SCRIPT_OID);
script_version("$Revision$");
script_bugtraq_id(53522);
script_tag(name:"cvss_base", value:"4.3");
@@ -79,7 +82,9 @@
include("http_func.inc");
include("version_func.inc");
include("http_keepalive.inc");
+include("host_details.inc");
+
## Variable Initialization
dir = "";
url = "";
@@ -88,10 +93,7 @@
ifRes = "";
## Get HTTP Port
-port = get_http_port(default:80);
-if(!port){
- exit(0);
-}
+if(!port = get_app_port(cpe:CPE, nvt:SCRIPT_OID))exit(0);
## Check Host Supports PHP
if(!can_host_php(port:port)){
@@ -99,9 +101,7 @@
}
## Get WordPress Location
-if(!dir = get_dir_from_kb(port:port, app:"WordPress")){
- exit(0);
-}
+if(!dir = get_app_location(cpe:CPE, nvt:SCRIPT_OID, port:port))exit(0);
## Get Host Name or IP
host = get_host_name();
Modified: trunk/openvas-plugins/scripts/gb_wordpress_inline_gallery_plugin_xss_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_wordpress_inline_gallery_plugin_xss_vuln.nasl 2012-07-13 14:52:32 UTC (rev 13732)
+++ trunk/openvas-plugins/scripts/gb_wordpress_inline_gallery_plugin_xss_vuln.nasl 2012-07-13 16:14:22 UTC (rev 13733)
@@ -24,9 +24,12 @@
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
+SCRIPT_OID = "1.3.6.1.4.1.25623.1.0.801780";
+CPE = "cpe:/a:wordpress:wordpress";
+
if(description)
{
- script_id(801780);
+ script_oid(SCRIPT_OID);
script_version("$Revision$");
script_tag(name:"last_modification", value:"$Date$");
script_tag(name:"creation_date", value:"2011-05-11 15:50:14 +0200 (Wed, 11 May 2011)");
@@ -83,12 +86,11 @@
include("http_func.inc");
include("version_func.inc");
include("http_keepalive.inc");
+include("host_details.inc");
+
## Get HTTP Port
-port = get_http_port(default:80);
-if(!port){
- exit(0);
-}
+if(!port = get_app_port(cpe:CPE, nvt:SCRIPT_OID))exit(0);
## Check Host Supports PHP
if(!can_host_php(port:port)){
@@ -96,9 +98,7 @@
}
## Get WordPress Installed Location
-if(!dir = get_dir_from_kb(port:port, app:"WordPress")){
- exit(0);
-}
+if(!dir = get_app_location(cpe:CPE, nvt:SCRIPT_OID, port:port))exit(0);
## Construct the Attack Request
url = dir + "/wp-content/plugins/inline-gallery/browser/browser.php?do=<script>" +
Modified: trunk/openvas-plugins/scripts/gb_wordpress_ip_logger_plugin_sql_inj_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_wordpress_ip_logger_plugin_sql_inj_vuln.nasl 2012-07-13 14:52:32 UTC (rev 13732)
+++ trunk/openvas-plugins/scripts/gb_wordpress_ip_logger_plugin_sql_inj_vuln.nasl 2012-07-13 16:14:22 UTC (rev 13733)
@@ -24,9 +24,12 @@
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
+SCRIPT_OID = "1.3.6.1.4.1.25623.1.0.802035";
+CPE = "cpe:/a:wordpress:wordpress";
+
if(description)
{
- script_id(802035);
+ script_oid(SCRIPT_OID);
script_version("$Revision$");
script_tag(name:"last_modification", value:"$Date$");
script_tag(name:"creation_date", value:"2011-09-16 17:22:17 +0200 (Fri, 16 Sep 2011)");
@@ -78,12 +81,11 @@
include("http_func.inc");
include("version_func.inc");
include("http_keepalive.inc");
+include("host_details.inc");
+
## Get HTTP Port
-port = get_http_port(default:80);
-if(!port){
- exit(0);
-}
+if(!port = get_app_port(cpe:CPE, nvt:SCRIPT_OID))exit(0);
## Check Host Supports PHP
if(!can_host_php(port:port)){
@@ -91,9 +93,7 @@
}
## Get WordPress Installed Location
-if(!dir = get_dir_from_kb(port:port, app:"WordPress")){
- exit(0);
-}
+if(!dir = get_app_location(cpe:CPE, nvt:SCRIPT_OID, port:port))exit(0);
## Construct the Attack Request
url = dir + "/wp-content/plugins/ip-logger/map-details.php?lat=-1'[SQLi]--";
Modified: trunk/openvas-plugins/scripts/gb_wordpress_iwantonebutton_plugin_xss_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_wordpress_iwantonebutton_plugin_xss_vuln.nasl 2012-07-13 14:52:32 UTC (rev 13732)
+++ trunk/openvas-plugins/scripts/gb_wordpress_iwantonebutton_plugin_xss_vuln.nasl 2012-07-13 16:14:22 UTC (rev 13733)
@@ -24,9 +24,12 @@
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
+SCRIPT_OID = "1.3.6.1.4.1.25623.1.0.802004";
+CPE = "cpe:/a:wordpress:wordpress";
+
if(description)
{
- script_id(802004);
+ script_oid(SCRIPT_OID);
script_version("$Revision$");
script_tag(name:"last_modification", value:"$Date$");
script_tag(name:"creation_date", value:"2011-03-10 13:33:28 +0100 (Thu, 10 Mar 2011)");
@@ -83,12 +86,11 @@
include("http_func.inc");
include("version_func.inc");
include("http_keepalive.inc");
+include("host_details.inc");
+
## Get HTTP Port
-port = get_http_port(default:80);
-if(!port){
- exit(0);
-}
+if(!port = get_app_port(cpe:CPE, nvt:SCRIPT_OID))exit(0);
## Check Host Supports PHP
if(!can_host_php(port:port)){
@@ -96,9 +98,7 @@
}
## Get WordPress Installed Location
-if(!dir = get_dir_from_kb(port:port, app:"WordPress")){
- exit(0);
-}
+if(!dir = get_app_location(cpe:CPE, nvt:SCRIPT_OID, port:port))exit(0);
## Construct the Attack Request
url = dir + "/wp-content/plugins/iwant-one-ihave-one/updateAJAX.php?add" +
Modified: trunk/openvas-plugins/scripts/gb_wordpress_media_library_categories_plugin_sql_inj_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_wordpress_media_library_categories_plugin_sql_inj_vuln.nasl 2012-07-13 14:52:32 UTC (rev 13732)
+++ trunk/openvas-plugins/scripts/gb_wordpress_media_library_categories_plugin_sql_inj_vuln.nasl 2012-07-13 16:14:22 UTC (rev 13733)
@@ -24,9 +24,12 @@
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
+SCRIPT_OID = "1.3.6.1.4.1.25623.1.0.802322";
+CPE = "cpe:/a:wordpress:wordpress";
+
if(description)
{
- script_id(802322);
+ script_oid(SCRIPT_OID);
script_version("$Revision$");
script_tag(name:"last_modification", value:"$Date$");
script_tag(name:"creation_date", value:"2011-08-12 14:44:50 +0200 (Fri, 12 Aug 2011)");
@@ -77,22 +80,20 @@
include("http_func.inc");
include("version_func.inc");
include("http_keepalive.inc");
+include("host_details.inc");
+
## Get HTTP Port
-port = get_http_port(default:80);
-if(!port){
- exit(0);
-}
+if(!port = get_app_port(cpe:CPE, nvt:SCRIPT_OID))exit(0);
+
## Check Host Supports PHP
if(!can_host_php(port:port)){
exit(0);
}
## Get WordPress Installed Location
-if(!dir = get_dir_from_kb(port:port, app:"WordPress")){
- exit(0);
-}
+if(!dir = get_app_location(cpe:CPE, nvt:SCRIPT_OID, port:port))exit(0);
## Construct the Attack Request
url = dir + "/wp-content/plugins/media-library-categories/sort.php?termid=-1" +
Modified: trunk/openvas-plugins/scripts/gb_wordpress_mult_themes_xss_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_wordpress_mult_themes_xss_vuln.nasl 2012-07-13 14:52:32 UTC (rev 13732)
+++ trunk/openvas-plugins/scripts/gb_wordpress_mult_themes_xss_vuln.nasl 2012-07-13 16:14:22 UTC (rev 13733)
@@ -24,9 +24,12 @@
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
+SCRIPT_OID = "1.3.6.1.4.1.25623.1.0.802250";
+CPE = "cpe:/a:wordpress:wordpress";
+
if(description)
{
- script_id(802250);
+ script_oid(SCRIPT_OID);
script_version("$Revision$");
script_tag(name:"last_modification", value:"$Date$");
script_tag(name:"creation_date", value:"2011-10-04 16:55:13 +0200 (Tue, 04 Oct 2011)");
@@ -94,22 +97,20 @@
include("http_func.inc");
include("version_func.inc");
include("http_keepalive.inc");
+include("host_details.inc");
+
## Get HTTP Port
-port = get_http_port(default:80);
-if(!port){
- exit(0);
-}
+if(!port = get_app_port(cpe:CPE, nvt:SCRIPT_OID))exit(0);
+
## Check Host Supports PHP
if(!can_host_php(port:port)){
exit(0);
}
## Get WordPress Location
-if(!dir = get_dir_from_kb(port:port, app:"WordPress")){
- exit(0);
-}
+if(!dir = get_app_location(cpe:CPE, nvt:SCRIPT_OID, port:port))exit(0);
xploits = make_array(
"><script>alert\(document.cookie\)</script>",
Modified: trunk/openvas-plugins/scripts/gb_wordpress_mult_vuln_jul09.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_wordpress_mult_vuln_jul09.nasl 2012-07-13 14:52:32 UTC (rev 13732)
+++ trunk/openvas-plugins/scripts/gb_wordpress_mult_vuln_jul09.nasl 2012-07-13 16:14:22 UTC (rev 13733)
@@ -24,9 +24,12 @@
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
+SCRIPT_OID = "1.3.6.1.4.1.25623.1.0.800657";
+CPE = "cpe:/a:wordpress:wordpress";
+
if(description)
{
- script_id(800657);
+ script_oid(SCRIPT_OID);
script_version("$Revision$");
script_tag(name:"last_modification", value:"$Date$");
script_tag(name:"creation_date", value:"2009-07-18 09:37:41 +0200 (Sat, 18 Jul 2009)");
@@ -88,33 +91,22 @@
include("http_func.inc");
include("version_func.inc");
+include("host_details.inc");
-wpmuPort = get_http_port(default:80);
+
+wpmuPort = get_app_port(cpe:CPE, nvt:SCRIPT_OID);
if(!wpmuPort){
exit(0);
}
-wpVer = get_kb_item("www/" + wpmuPort + "/WordPress");
-if(!wpVer){
- exit(0);
-}
+if(!dir = get_app_location(cpe:CPE, nvt:SCRIPT_OID, port:wpmuPort))exit(0);
-wpVer = eregmatch(pattern:"^(.+) under (/.*)$", string:wpVer);
-
-if((wpVer[2] != NULL) && (!safe_checks()))
+sndReq = http_get(item:string(dir, "/wp-settings.php"), port:wpmuPort);
+rcvRes = http_send_recv(port:wpmuPort, data:sndReq);
+if("ABSPATHwp-include" >< rcvRes && "include_path" >< rcvRes)
{
- sndReq = http_get(item:string(wpVer[2], "/wp-settings.php"), port:wpmuPort);
- rcvRes = http_send_recv(port:wpmuPort, data:sndReq);
- if("ABSPATHwp-include" >< rcvRes && "include_path" >< rcvRes)
- {
- security_warning(wpmuPort);
- exit(0);
- }
+ security_warning(port:wpmuPort);
+ exit(0);
}
-if(wpVer[1] != NULL)
-{
- if(version_is_less(version:wpVer[1], test_version:"2.8.1")){
- security_warning(wpmuPort);
- }
-}
+exit(0);
Modified: trunk/openvas-plugins/scripts/gb_wordpress_mult_vuln_may09.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_wordpress_mult_vuln_may09.nasl 2012-07-13 14:52:32 UTC (rev 13732)
+++ trunk/openvas-plugins/scripts/gb_wordpress_mult_vuln_may09.nasl 2012-07-13 16:14:22 UTC (rev 13733)
@@ -24,9 +24,12 @@
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
+SCRIPT_OID = "1.3.6.1.4.1.25623.1.0.800704";
+CPE = "cpe:/a:wordpress:wordpress";
+
if(description)
{
- script_id(800704);
+ script_oid(SCRIPT_OID);
script_version("$Revision$");
script_tag(name:"last_modification", value:"$Date$");
script_tag(name:"creation_date", value:"2009-05-11 08:41:11 +0200 (Mon, 11 May 2009)");
@@ -75,8 +78,10 @@
include("version_func.inc");
include("http_func.inc");
+include("host_details.inc");
-wordpressPort = get_http_port(default:80);
+
+wordpressPort = get_app_port(cpe:CPE, nvt:SCRIPT_OID);
if(!wordpressPort){
exit(0);
}
@@ -85,12 +90,8 @@
exit(0);
}
-version = get_kb_item("www/" + wordpressPort + "/WordPress");
-version = eregmatch(pattern:"^(.+) under (/.*)$", string:version);
-if(version[1] == NULL){
- exit(0);
-}
+if(!version = get_app_version(cpe:CPE, nvt:SCRIPT_OID, port:port))exit(0);
-if(version_in_range(version:version[1], test_version:"2.6", test_version2:"2.6.3")){
+if(version_in_range(version:version, test_version:"2.6", test_version2:"2.6.3")){
security_hole(wordpressPort);
}
Modified: trunk/openvas-plugins/scripts/gb_wordpress_myeasybackup_plugin_dir_trav_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_wordpress_myeasybackup_plugin_dir_trav_vuln.nasl 2012-07-13 14:52:32 UTC (rev 13732)
+++ trunk/openvas-plugins/scripts/gb_wordpress_myeasybackup_plugin_dir_trav_vuln.nasl 2012-07-13 16:14:22 UTC (rev 13733)
@@ -24,9 +24,12 @@
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
+SCRIPT_OID = "1.3.6.1.4.1.25623.1.0.802380";
+CPE = "cpe:/a:wordpress:wordpress";
+
if(description)
{
- script_id(802380);
+ script_oid(SCRIPT_OID);
script_version("$Revision$");
script_cve_id("CVE-2012-0898");
script_bugtraq_id(51433);
@@ -87,10 +90,7 @@
## Get HTTP Port
-port = get_http_port(default:80);
-if(!port){
- exit(0);
-}
+if(!port = get_app_port(cpe:CPE, nvt:SCRIPT_OID))exit(0);
## Check Host Supports PHP
if(!can_host_php(port:port)){
@@ -104,10 +104,9 @@
}
## Get WordPress Installed Location
-if(!dir = get_dir_from_kb(port:port, app:"WordPress")){
- exit(0);
-}
+if(!dir = get_app_location(cpe:CPE, nvt:SCRIPT_OID, port:port))exit(0);
+
files = traversal_files();
foreach file (keys(files))
Modified: trunk/openvas-plugins/scripts/gb_wordpress_nmedia_member_conv_file_upload_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_wordpress_nmedia_member_conv_file_upload_vuln.nasl 2012-07-13 14:52:32 UTC (rev 13732)
+++ trunk/openvas-plugins/scripts/gb_wordpress_nmedia_member_conv_file_upload_vuln.nasl 2012-07-13 16:14:22 UTC (rev 13733)
@@ -24,9 +24,12 @@
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
+SCRIPT_OID = "1.3.6.1.4.1.25623.1.0.802642";
+CPE = "cpe:/a:wordpress:wordpress";
+
if(description)
{
- script_id(802642);
+ script_oid(SCRIPT_OID);
script_version("$Revision$");
script_bugtraq_id(53790);
script_cve_id("CVE-2012-3577");
@@ -81,7 +84,9 @@
include("http_func.inc");
include("version_func.inc");
include("http_keepalive.inc");
+include("host_details.inc");
+
function upload_file(url, file, ex, len)
{
return string(
@@ -106,8 +111,9 @@
port = 0;
## Get HTTP Port
-port = get_http_port(default: 80);
+if(!port = get_app_port(cpe:CPE, nvt:SCRIPT_OID))exit(0);
+
## Check Port State
if(! get_port_state(port)){
exit(0);
@@ -119,10 +125,9 @@
}
## Get WordPress Installed Location
-if(!dir = get_dir_from_kb(port:port, app:"WordPress")){
- exit(0);
-}
+if(!dir = get_app_location(cpe:CPE, nvt:SCRIPT_OID, port:port))exit(0);
+
## Construct attack request
file = "ov-file-upload-test.php";
rand = rand();
Modified: trunk/openvas-plugins/scripts/gb_wordpress_nmedia_users_file_upload_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_wordpress_nmedia_users_file_upload_vuln.nasl 2012-07-13 14:52:32 UTC (rev 13732)
+++ trunk/openvas-plugins/scripts/gb_wordpress_nmedia_users_file_upload_vuln.nasl 2012-07-13 16:14:22 UTC (rev 13733)
@@ -24,9 +24,12 @@
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
+SCRIPT_OID = "1.3.6.1.4.1.25623.1.0.802643";
+CPE = "cpe:/a:wordpress:wordpress";
+
if(description)
{
- script_id(802643);
+ script_oid(SCRIPT_OID);
script_version("$Revision$");
script_bugtraq_id(53786);
script_tag(name:"cvss_base", value:"7.5");
@@ -77,7 +80,9 @@
include("http_func.inc");
include("version_func.inc");
include("http_keepalive.inc");
+include("host_details.inc");
+
function upload_file(url, file, ex, len)
{
return string(
@@ -102,8 +107,9 @@
port = 0;
## Get HTTP Port
-port = get_http_port(default: 80);
+if(!port = get_app_port(cpe:CPE, nvt:SCRIPT_OID))exit(0);
+
## Check Port State
if(! get_port_state(port)){
exit(0);
@@ -115,9 +121,7 @@
}
## Get WordPress Installed Location
-if(!dir = get_dir_from_kb(port:port, app:"WordPress")){
- exit(0);
-}
+if(!dir = get_app_location(cpe:CPE, nvt:SCRIPT_OID, port:port))exit(0);
## Construct attack request
file = "ov-file-upload-test.php";
Modified: trunk/openvas-plugins/scripts/gb_wordpress_omni_sec_files_file_upload_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_wordpress_omni_sec_files_file_upload_vuln.nasl 2012-07-13 14:52:32 UTC (rev 13732)
+++ trunk/openvas-plugins/scripts/gb_wordpress_omni_sec_files_file_upload_vuln.nasl 2012-07-13 16:14:22 UTC (rev 13733)
@@ -24,9 +24,12 @@
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
+SCRIPT_OID = "1.3.6.1.4.1.25623.1.0.802641";
+CPE = "cpe:/a:wordpress:wordpress";
+
if(description)
{
- script_id(802641);
+ script_oid(SCRIPT_OID);
script_version("$Revision$");
script_tag(name:"cvss_base", value:"7.5");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
@@ -78,15 +81,18 @@
include("http_func.inc");
include("version_func.inc");
include("http_keepalive.inc");
+include("host_details.inc");
+
## Variable Initialization
req = "";
res = "";
port = 0;
## Get HTTP Port
-port = get_http_port(default: 80);
+if(!port = get_app_port(cpe:CPE, nvt:SCRIPT_OID))exit(0);
+
## Check Port State
if(! get_port_state(port)){
exit(0);
@@ -98,10 +104,9 @@
}
## Get WordPress Installed Location
-if(!dir = get_dir_from_kb(port:port, app:"WordPress")){
- exit(0);
-}
+if(!dir = get_app_location(cpe:CPE, nvt:SCRIPT_OID, port:port))exit(0);
+
## Construct attack request
rand = rand();
file = "ovtest" + rand + ".php";
Modified: trunk/openvas-plugins/scripts/gb_wordpress_ops_old_post_spinner_plugin_ops_file_dir_trav.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_wordpress_ops_old_post_spinner_plugin_ops_file_dir_trav.nasl 2012-07-13 14:52:32 UTC (rev 13732)
+++ trunk/openvas-plugins/scripts/gb_wordpress_ops_old_post_spinner_plugin_ops_file_dir_trav.nasl 2012-07-13 16:14:22 UTC (rev 13733)
@@ -24,9 +24,12 @@
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
+SCRIPT_OID = "1.3.6.1.4.1.25623.1.0.802017";
+CPE = "cpe:/a:wordpress:wordpress";
+
if(description)
{
- script_id(802017);
+ script_oid(SCRIPT_OID);
script_version("$Revision$");
script_tag(name:"last_modification", value:"$Date$");
script_tag(name:"creation_date", value:"2011-04-22 16:38:12 +0200 (Fri, 22 Apr 2011)");
@@ -85,21 +88,18 @@
include("http_keepalive.inc");
## Get HTTP Port
-port = get_http_port(default:80);
-if(!port){
- exit(0);
-}
+if(!port = get_app_port(cpe:CPE, nvt:SCRIPT_OID))exit(0);
+
## Check Host Supports PHP
if(!can_host_php(port:port)){
exit(0);
}
## Get WordPress Installed Location
-if(!dir = get_dir_from_kb(port:port, app:"WordPress")){
- exit(0);
-}
+if(!dir = get_app_location(cpe:CPE, nvt:SCRIPT_OID, port:port))exit(0);
+
## traversal_files() function Returns Dictionary (i.e key value pair)
## Get Content to be checked and file to be check
files = traversal_files();
Modified: trunk/openvas-plugins/scripts/gb_wordpress_photosmash_xss_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_wordpress_photosmash_xss_vuln.nasl 2012-07-13 14:52:32 UTC (rev 13732)
+++ trunk/openvas-plugins/scripts/gb_wordpress_photosmash_xss_vuln.nasl 2012-07-13 16:14:22 UTC (rev 13733)
@@ -24,9 +24,12 @@
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
+SCRIPT_OID = "1.3.6.1.4.1.25623.1.0.801880";
+CPE = "cpe:/a:wordpress:wordpress";
+
if(description)
{
- script_id(801880);
+ script_oid(SCRIPT_OID);
script_version("$Revision$");
script_tag(name:"last_modification", value:"$Date$");
script_tag(name:"creation_date", value:"2011-05-16 15:25:30 +0200 (Mon, 16 May 2011)");
@@ -75,12 +78,11 @@
include("http_func.inc");
include("version_func.inc");
include("http_keepalive.inc");
+include("host_details.inc");
+
## Get HTTP Port
-port = get_http_port(default:80);
-if(!port){
- exit(0);
-}
+if(!port = get_app_port(cpe:CPE, nvt:SCRIPT_OID))exit(0);
## Check Host Supports PHP
if(!can_host_php(port:port)){
@@ -88,9 +90,7 @@
}
## Get WordPress Location
-if(!dir = get_dir_from_kb(port:port, app:"WordPress")){
- exit(0);
-}
+if(!dir = get_app_location(cpe:CPE, nvt:SCRIPT_OID, port:port))exit(0);
## Construct attack request
url = string(dir, "/wp-content/plugins/photosmash-galleries/index.php?action=",
Modified: trunk/openvas-plugins/scripts/gb_wordpress_php_speedy_plugin_code_exec_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_wordpress_php_speedy_plugin_code_exec_vuln.nasl 2012-07-13 14:52:32 UTC (rev 13732)
+++ trunk/openvas-plugins/scripts/gb_wordpress_php_speedy_plugin_code_exec_vuln.nasl 2012-07-13 16:14:22 UTC (rev 13733)
@@ -24,9 +24,12 @@
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
+SCRIPT_OID = "1.3.6.1.4.1.25623.1.0.802008";
+CPE = "cpe:/a:wordpress:wordpress";
+
if(description)
{
- script_id(802008);
+ script_oid(SCRIPT_OID);
script_version("$Revision$");
script_tag(name:"last_modification", value:"$Date$");
script_tag(name:"creation_date", value:"2011-03-22 08:43:18 +0100 (Tue, 22 Mar 2011)");
@@ -82,12 +85,11 @@
include("http_func.inc");
include("version_func.inc");
include("http_keepalive.inc");
+include("host_details.inc");
+
## Get HTTP Port
-port = get_http_port(default:80);
-if(!port){
- exit(0);
-}
+if(!port = get_app_port(cpe:CPE, nvt:SCRIPT_OID))exit(0);
## Check Host Supports PHP
if(!can_host_php(port:port)){
@@ -101,9 +103,7 @@
}
## Get WordPress Installed Location
-if(!dir = get_dir_from_kb(port:port, app:"WordPress")){
- exit(0);
-}
+if(!dir = get_app_location(cpe:CPE, nvt:SCRIPT_OID, port:port))exit(0);
## Post Data having php code
postData = "<?php phpinfo(); ?>";
Modified: trunk/openvas-plugins/scripts/gb_wordpress_php_speedy_plugin_title_param_xss.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_wordpress_php_speedy_plugin_title_param_xss.nasl 2012-07-13 14:52:32 UTC (rev 13732)
+++ trunk/openvas-plugins/scripts/gb_wordpress_php_speedy_plugin_title_param_xss.nasl 2012-07-13 16:14:22 UTC (rev 13733)
@@ -24,9 +24,12 @@
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
+SCRIPT_OID = "1.3.6.1.4.1.25623.1.0.802009";
+CPE = "cpe:/a:wordpress:wordpress";
+
if(description)
{
- script_id(802009);
+ script_oid(SCRIPT_OID);
script_version("$Revision$");
script_tag(name:"last_modification", value:"$Date$");
script_tag(name:"creation_date", value:"2011-03-16 15:16:52 +0100 (Wed, 16 Mar 2011)");
@@ -81,22 +84,20 @@
include("http_func.inc");
include("version_func.inc");
include("http_keepalive.inc");
+include("host_details.inc");
+
## Get HTTP Port
-port = get_http_port(default:80);
-if(!port){
- exit(0);
-}
+if(!port = get_app_port(cpe:CPE, nvt:SCRIPT_OID))exit(0);
+
## Check Host Supports PHP
if(!can_host_php(port:port)){
exit(0);
}
## Get WordPress Installed Location
-if(!dir = get_dir_from_kb(port:port, app:"WordPress")){
- exit(0);
-}
+if(!dir = get_app_location(cpe:CPE, nvt:SCRIPT_OID, port:port))exit(0);
## Path of Vulnerable Page
url = dir + "/wp-content/plugins/php_speedy_wp/libs/php_speedy/view/" +
Modified: trunk/openvas-plugins/scripts/gb_wordpress_pretty_link_plugin_mult_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_wordpress_pretty_link_plugin_mult_vuln.nasl 2012-07-13 14:52:32 UTC (rev 13732)
+++ trunk/openvas-plugins/scripts/gb_wordpress_pretty_link_plugin_mult_vuln.nasl 2012-07-13 16:14:22 UTC (rev 13733)
@@ -24,9 +24,12 @@
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
+SCRIPT_OID = "1.3.6.1.4.1.25623.1.0.802857";
+CPE = "cpe:/a:wordpress:wordpress";
+
if(description)
{
- script_id(802857);
+ script_oid(SCRIPT_OID);
script_version("$Revision$");
script_bugtraq_id(53531);
script_tag(name:"cvss_base", value:"7.5");
@@ -81,17 +84,16 @@
include("http_func.inc");
include("version_func.inc");
include("http_keepalive.inc");
+include("host_details.inc");
+
## Variable Initialization
dir = "";
url = "";
port = 0;
## Get HTTP Port
-port = get_http_port(default:80);
-if(!port){
- exit(0);
-}
+if(!port = get_app_port(cpe:CPE, nvt:SCRIPT_OID))exit(0);
## Check Host Supports PHP
if(!can_host_php(port:port)){
@@ -99,10 +101,9 @@
}
## Get WordPress Location
-if(!dir = get_dir_from_kb(port:port, app:"WordPress")){
- exit(0);
-}
+if(!dir = get_app_location(cpe:CPE, nvt:SCRIPT_OID, port:port))exit(0);
+
## Construct the Attack Request
url = dir + '/wp-content/plugins/pretty-link/pretty-bar.php?' +
'url="><script>alert(document.cookie)</script>';
Modified: trunk/openvas-plugins/scripts/gb_wordpress_processing_embed_plugin_xss.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_wordpress_processing_embed_plugin_xss.nasl 2012-07-13 14:52:32 UTC (rev 13732)
+++ trunk/openvas-plugins/scripts/gb_wordpress_processing_embed_plugin_xss.nasl 2012-07-13 16:14:22 UTC (rev 13733)
@@ -24,9 +24,12 @@
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
+SCRIPT_OID = "1.3.6.1.4.1.25623.1.0.801908";
+CPE = "cpe:/a:wordpress:wordpress";
+
if(description)
{
- script_id(801908);
+ script_oid(SCRIPT_OID);
script_version("$Revision$");
script_tag(name:"last_modification", value:"$Date$");
script_tag(name:"creation_date", value:"2011-03-22 08:43:18 +0100 (Tue, 22 Mar 2011)");
@@ -83,12 +86,11 @@
include("http_func.inc");
include("version_func.inc");
include("http_keepalive.inc");
+include("host_details.inc");
+
## Get HTTP Port
-port = get_http_port(default:80);
-if(!port){
- exit(0);
-}
+if(!port = get_app_port(cpe:CPE, nvt:SCRIPT_OID))exit(0);
## Check Host Supports PHP
if(!can_host_php(port:port)){
@@ -96,9 +98,7 @@
}
## Get WordPress Installed Location
-if(!dir = get_dir_from_kb(port:port, app:"WordPress")){
- exit(0);
-}
+if(!dir = get_app_location(cpe:CPE, nvt:SCRIPT_OID, port:port))exit(0);
## check for plugin installation
sndReq = http_get(item:string(dir, "/wp-content/plugins/wordpress-processing" +
Modified: trunk/openvas-plugins/scripts/gb_wordpress_register_plus_mult_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_wordpress_register_plus_mult_vuln.nasl 2012-07-13 14:52:32 UTC (rev 13732)
+++ trunk/openvas-plugins/scripts/gb_wordpress_register_plus_mult_vuln.nasl 2012-07-13 16:14:22 UTC (rev 13733)
@@ -24,9 +24,12 @@
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
+SCRIPT_OID = "1.3.6.1.4.1.25623.1.0.801492";
+CPE = "cpe:/a:wordpress:wordpress";
+
if(description)
{
- script_id(801492);
+ script_oid(SCRIPT_OID);
script_version("$Revision$");
script_tag(name:"last_modification", value:"$Date$");
script_tag(name:"creation_date", value:"2010-12-27 09:55:05 +0100 (Mon, 27 Dec 2010)");
@@ -84,24 +87,17 @@
include("http_func.inc");
include("version_func.inc");
include("http_keepalive.inc");
+include("host_details.inc");
+
## Get HTTP Port
-wpPort = get_http_port(default:80);
-if(!wpPort){
- exit(0);
-}
+if(!port = get_app_port(cpe:CPE, nvt:SCRIPT_OID))exit(0);
+if(!dir = get_app_location(cpe:CPE, nvt:SCRIPT_OID, port:port))exit(0);
-## Get WordPress Path from KB
-wpVer = get_kb_item("www/" + wpPort + "/WordPress");
-if(!wpVer){
- exit(0);
-}
-
-wpVer = eregmatch(pattern:"^(.+) under (/.*)$", string:wpVer);
-if(wpVer[2] != NULL)
+if(dir != NULL)
{
## Try an exploit
- filename = string(wpVer[2] + "/wp-login.php?action=register");
+ filename = string(dir + "/wp-login.php?action=register");
host = get_host_name();
authVariables = "user_login=abc&user_email=abc%40gmail&firstname=&lastname=" +
"&website=&aim=&yahoo=&jabber=&about=&pass1=%22%3E%3Cscript" +
@@ -124,13 +120,13 @@
"Content-Length: ", strlen(authVariables), "\r\n\r\n",
authVariables);
- rcvRes2 = http_keepalive_send_recv(port:wpPort, data:sndReq2);
+ rcvRes2 = http_keepalive_send_recv(port:port, data:sndReq2);
## Check the response to confirm vulnerability
if(egrep(pattern:"^HTTP/.* 200 OK", string:rcvRes2) &&
("><script>alert(document.cookie)</script>" >< rcvRes2))
{
- security_warning(wpPort);
+ security_warning(port:port);
exit(0);
}
}
Modified: trunk/openvas-plugins/scripts/gb_wordpress_register_plus_redux_mult_xss_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_wordpress_register_plus_redux_mult_xss_vuln.nasl 2012-07-13 14:52:32 UTC (rev 13732)
+++ trunk/openvas-plugins/scripts/gb_wordpress_register_plus_redux_mult_xss_vuln.nasl 2012-07-13 16:14:22 UTC (rev 13733)
@@ -24,9 +24,12 @@
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
################################################################################
+SCRIPT_OID = "1.3.6.1.4.1.25623.1.0.802324";
+CPE = "cpe:/a:wordpress:wordpress";
+
if(description)
{
- script_id(802324);
+ script_oid(SCRIPT_OID);
script_version("$Revision$");
script_tag(name:"last_modification", value:"$Date$");
script_tag(name:"creation_date", value:"2011-08-18 14:57:45 +0200 (Thu, 18 Aug 2011)");
@@ -81,9 +84,11 @@
include("http_func.inc");
include("version_func.inc");
include("http_keepalive.inc");
+include("host_details.inc");
+
## Get HTTP Port
-wpPort = get_http_port(default:80);
+wpPort = get_app_port(cpe:CPE, nvt:SCRIPT_OID);
if(!wpPort){
exit(0);
}
@@ -94,10 +99,9 @@
}
## Get WordPress Directory
-if(!wpDir = get_dir_from_kb(port:wpPort, app:"WordPress")){
- exit(0);
-}
+if(!wpDir = get_app_location(cpe:CPE, nvt:SCRIPT_OID, port:wpPort))exit(0);
+
## Try an exploit
filename = string(wpDir + "/wp-login.php?action=register");
host = get_host_name();
Modified: trunk/openvas-plugins/scripts/gb_wordpress_rss_feed_reader_plugin_xss_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_wordpress_rss_feed_reader_plugin_xss_vuln.nasl 2012-07-13 14:52:32 UTC (rev 13732)
+++ trunk/openvas-plugins/scripts/gb_wordpress_rss_feed_reader_plugin_xss_vuln.nasl 2012-07-13 16:14:22 UTC (rev 13733)
@@ -24,9 +24,12 @@
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
+SCRIPT_OID = "1.3.6.1.4.1.25623.1.0.800196";
+CPE = "cpe:/a:wordpress:wordpress";
+
if(description)
{
- script_id(800196);
+ script_oid(SCRIPT_OID);
script_version("$Revision$");
script_tag(name:"last_modification", value:"$Date$");
script_tag(name:"creation_date", value:"2011-02-07 15:21:16 +0100 (Mon, 07 Feb 2011)");
@@ -86,12 +89,11 @@
include("http_func.inc");
include("version_func.inc");
include("http_keepalive.inc");
+include("host_details.inc");
+
## Get HTTP Port
-port = get_http_port(default:80);
-if(!port){
- exit(0);
-}
+if(!port = get_app_port(cpe:CPE, nvt:SCRIPT_OID))exit(0);
## Check Host Supports PHP
if(!can_host_php(port:port)){
@@ -99,10 +101,9 @@
}
## Get WordPress Installed Location
-if(!dir = get_dir_from_kb(port:port, app:"WordPress")){
- exit(0);
-}
+if(!dir = get_app_location(cpe:CPE, nvt:SCRIPT_OID, port:port))exit(0);
+
## Construct the Attack Request
url = dir+ "/wp-content/plugins/rss-feed-reader/magpie/scripts/magpie_slashb" +
"ox.php?rss_url=<script>alert('OpenVAS-XSS-Attack-Test')</script>";
Modified: trunk/openvas-plugins/scripts/gb_wordpress_safe_search_xss_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_wordpress_safe_search_xss_vuln.nasl 2012-07-13 14:52:32 UTC (rev 13732)
+++ trunk/openvas-plugins/scripts/gb_wordpress_safe_search_xss_vuln.nasl 2012-07-13 16:14:22 UTC (rev 13733)
@@ -24,9 +24,12 @@
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
################################i###############################################
+SCRIPT_OID = "1.3.6.1.4.1.25623.1.0.801490";
+CPE = "cpe:/a:wordpress:wordpress";
+
if(description)
{
- script_id(801490);
+ script_oid(SCRIPT_OID);
script_version("$Revision$");
script_tag(name:"last_modification", value:"$Date$");
script_tag(name:"creation_date", value:"2010-12-21 15:42:46 +0100 (Tue, 21 Dec 2010)");
@@ -77,24 +80,22 @@
include("http_func.inc");
include("version_func.inc");
include("http_keepalive.inc");
+include("host_details.inc");
+
## Get HTTP Port
-wpPort = get_http_port(default:80);
+wpPort = get_app_port(cpe:CPE, nvt:SCRIPT_OID);
if(!wpPort){
exit(0);
}
## Get WordPress Path from KB
-wpVer = get_kb_item("www/" + wpPort + "/WordPress");
-if(!wpVer){
- exit(0);
-}
+if(!dir = get_app_location(cpe:CPE, nvt:SCRIPT_OID, port:wpPort))exit(0);
-wpVer = eregmatch(pattern:"^(.+) under (/.*)$", string:wpVer);
-if(wpVer[2] != NULL)
+if(dir != NULL)
{
# Try expliot and check response
- sndReq = http_get(item:string(wpVer[2], "/wp-content/plugins/wp-safe-search/" +
+ sndReq = http_get(item:string(dir, "/wp-content/plugins/wp-safe-search/" +
"wp-safe-search-jx.php?v1=<script>alert(XSS-Testing)</script>"), port:wpPort);
rcvRes = http_send_recv(port:wpPort, data:sndReq);
if("<script>alert(XSS-Testing)</script>" >< rcvRes){
Modified: trunk/openvas-plugins/scripts/gb_wordpress_setup_config_mult_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_wordpress_setup_config_mult_vuln.nasl 2012-07-13 14:52:32 UTC (rev 13732)
+++ trunk/openvas-plugins/scripts/gb_wordpress_setup_config_mult_vuln.nasl 2012-07-13 16:14:22 UTC (rev 13733)
@@ -24,9 +24,12 @@
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
+SCRIPT_OID = "1.3.6.1.4.1.25623.1.0.802298";
+CPE = "cpe:/a:wordpress:wordpress";
+
if(description)
{
- script_id(802298);
+ script_oid(SCRIPT_OID);
script_version("$Revision$");
script_cve_id("CVE-2011-4898", "CVE-2011-4899", "CVE-2012-0782");
script_tag(name:"cvss_base", value:"7.5");
@@ -78,22 +81,20 @@
include("http_func.inc");
include("version_func.inc");
include("http_keepalive.inc");
+include("host_details.inc");
+
## Get HTTP Port
-port = get_http_port(default:80);
-if(!port){
- exit(0);
-}
+if(!port = get_app_port(cpe:CPE, nvt:SCRIPT_OID))exit(0);
+
## Check Host Supports PHP
if(!can_host_php(port:port)){
exit(0);
}
## Get WordPress Location
-if(!dir = get_dir_from_kb(port:port, app:"WordPress")){
- exit(0);
-}
+if(!dir = get_app_location(cpe:CPE, nvt:SCRIPT_OID, port:port))exit(0);
## Construct attack request
url = dir + "/wp-admin/setup-config.php?step=2";
Modified: trunk/openvas-plugins/scripts/gb_wordpress_sharebar_plugin_mult_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_wordpress_sharebar_plugin_mult_vuln.nasl 2012-07-13 14:52:32 UTC (rev 13732)
+++ trunk/openvas-plugins/scripts/gb_wordpress_sharebar_plugin_mult_vuln.nasl 2012-07-13 16:14:22 UTC (rev 13733)
@@ -24,9 +24,12 @@
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
+SCRIPT_OID = "1.3.6.1.4.1.25623.1.0.802858";
+CPE = "cpe:/a:wordpress:wordpress";
+
if(description)
{
- script_id(802858);
+ script_oid(SCRIPT_OID);
script_version("$Revision$");
script_bugtraq_id(53201);
script_tag(name:"cvss_base", value:"7.5");
@@ -81,27 +84,25 @@
include("http_func.inc");
include("version_func.inc");
include("http_keepalive.inc");
+include("host_details.inc");
+
## Variable Initialization
dir = "";
url = "";
port = 0;
## Get HTTP Port
-port = get_http_port(default:80);
-if(!port){
- exit(0);
-}
+if(!port = get_app_port(cpe:CPE, nvt:SCRIPT_OID))exit(0);
+
## Check Host Supports PHP
if(!can_host_php(port:port)){
exit(0);
}
## Get WordPress Location
-if(!dir = get_dir_from_kb(port:port, app:"WordPress")){
- exit(0);
-}
+if(!dir = get_app_location(cpe:CPE, nvt:SCRIPT_OID, port:port))exit(0);
## Construct the Attack Request
url = dir + '/wp-content/plugins/sharebar/sharebar-admin.php?' +
Modified: trunk/openvas-plugins/scripts/gb_wordpress_socialmedia_buttons_plugin_xss_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_wordpress_socialmedia_buttons_plugin_xss_vuln.nasl 2012-07-13 14:52:32 UTC (rev 13732)
+++ trunk/openvas-plugins/scripts/gb_wordpress_socialmedia_buttons_plugin_xss_vuln.nasl 2012-07-13 16:14:22 UTC (rev 13733)
@@ -24,9 +24,12 @@
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
+SCRIPT_OID = "1.3.6.1.4.1.25623.1.0.802856";
+CPE = "cpe:/a:wordpress:wordpress";
+
if(description)
{
- script_id(802856);
+ script_oid(SCRIPT_OID);
script_version("$Revision$");
script_bugtraq_id(53481);
script_tag(name:"cvss_base", value:"4.3");
@@ -80,27 +83,25 @@
include("http_func.inc");
include("version_func.inc");
include("http_keepalive.inc");
+include("host_details.inc");
+
## Variable Initialization
dir = "";
url = "";
port = 0;
## Get HTTP Port
-port = get_http_port(default:80);
-if(!port){
- exit(0);
-}
+if(!port = get_app_port(cpe:CPE, nvt:SCRIPT_OID))exit(0);
+
## Check Host Supports PHP
if(!can_host_php(port:port)){
exit(0);
}
## Get WordPress Location
-if(!dir = get_dir_from_kb(port:port, app:"WordPress")){
- exit(0);
-}
+if(!dir = get_app_location(cpe:CPE, nvt:SCRIPT_OID, port:port))exit(0);
## Construct the Attack Request
url = dir + '/wp-content/plugins/2-click-socialmedia-buttons/libs/' +
Modified: trunk/openvas-plugins/scripts/gb_wordpress_store_locator_plus_mult_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_wordpress_store_locator_plus_mult_vuln.nasl 2012-07-13 14:52:32 UTC (rev 13732)
+++ trunk/openvas-plugins/scripts/gb_wordpress_store_locator_plus_mult_vuln.nasl 2012-07-13 16:14:22 UTC (rev 13733)
@@ -24,9 +24,12 @@
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
+SCRIPT_OID = "1.3.6.1.4.1.25623.1.0.802644";
+CPE = "cpe:/a:wordpress:wordpress";
+
if(description)
{
- script_id(802644);
+ script_oid(SCRIPT_OID);
script_version("$Revision$");
script_bugtraq_id(53795);
script_tag(name:"cvss_base", value:"7.5");
@@ -82,14 +85,16 @@
include("http_func.inc");
include("version_func.inc");
include("http_keepalive.inc");
+include("host_details.inc");
+
## Variable Initialization
req = "";
res = "";
port = 0;
## Get HTTP Port
-port = get_http_port(default: 80);
+if(!port = get_app_port(cpe:CPE, nvt:SCRIPT_OID))exit(0);
## Check Port State
if(! get_port_state(port)){
@@ -102,9 +107,7 @@
}
## Get WordPress Installed Location
-if(!dir = get_dir_from_kb(port:port, app:"WordPress")){
- exit(0);
-}
+if(!dir = get_app_location(cpe:CPE, nvt:SCRIPT_OID, port:port))exit(0);
## Construct attack request
url = dir + "/wp-content/plugins/store-locator-le/downloadcsv.php";
Modified: trunk/openvas-plugins/scripts/gb_wordpress_theme_tuner_plugin_rfi_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_wordpress_theme_tuner_plugin_rfi_vuln.nasl 2012-07-13 14:52:32 UTC (rev 13732)
+++ trunk/openvas-plugins/scripts/gb_wordpress_theme_tuner_plugin_rfi_vuln.nasl 2012-07-13 16:14:22 UTC (rev 13733)
@@ -24,9 +24,12 @@
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
+SCRIPT_OID = "1.3.6.1.4.1.25623.1.0.802604";
+CPE = "cpe:/a:wordpress:wordpress";
+
if(description)
{
- script_id(802604);
+ script_oid(SCRIPT_OID);
script_version("$Revision$");
script_bugtraq_id(51636);
script_cve_id("CVE-2012-0934");
@@ -83,10 +86,7 @@
include("http_keepalive.inc");
## Get HTTP Port
-port = get_http_port(default:80);
-if(!port){
- exit(0);
-}
+if(!port = get_app_port(cpe:CPE, nvt:SCRIPT_OID))exit(0);
## Check Host Supports PHP
if(!can_host_php(port:port)){
@@ -94,9 +94,7 @@
}
## Get WordPress Location
-if(!dir = get_dir_from_kb(port:port, app:"WordPress")){
- exit(0);
-}
+if(!dir = get_app_location(cpe:CPE, nvt:SCRIPT_OID, port:port))exit(0);
## Get Host Name or IP
host = get_host_name();
Modified: trunk/openvas-plugins/scripts/gb_wordpress_toolspack_backdoor_2012.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_wordpress_toolspack_backdoor_2012.nasl 2012-07-13 14:52:32 UTC (rev 13732)
+++ trunk/openvas-plugins/scripts/gb_wordpress_toolspack_backdoor_2012.nasl 2012-07-13 16:14:22 UTC (rev 13733)
@@ -25,6 +25,9 @@
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
+SCRIPT_OID = "1.3.6.1.4.1.25623.1.0.103445";
+CPE = "cpe:/a:wordpress:wordpress";
+
desc = "Overview:
The WordPress ToolsPack Plugin on this host contains a Backdoor.
@@ -41,7 +44,7 @@
if (description)
{
- script_id(103445);
+ script_oid(SCRIPT_OID);
script_version ("$Revision$");
script_tag(name:"cvss_base", value:"7.5");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
@@ -68,13 +71,12 @@
include("version_func.inc");
include("misc_func.inc");
-port = get_http_port(default:80);
+if(!port = get_app_port(cpe:CPE, nvt:SCRIPT_OID))exit(0);
+
if(!get_port_state(port))exit(0);
if(!can_host_php(port:port))exit(0);
-if(!dir = get_dir_from_kb(port:port, app:"WordPress")){
- exit(0);
-}
+if(!dir = get_app_location(cpe:CPE, nvt:SCRIPT_OID, port:port))exit(0);
commands = exploit_commands();
Modified: trunk/openvas-plugins/scripts/gb_wordpress_upm_polls_plugin_sql_inj_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_wordpress_upm_polls_plugin_sql_inj_vuln.nasl 2012-07-13 14:52:32 UTC (rev 13732)
+++ trunk/openvas-plugins/scripts/gb_wordpress_upm_polls_plugin_sql_inj_vuln.nasl 2012-07-13 16:14:22 UTC (rev 13733)
@@ -24,9 +24,12 @@
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
+SCRIPT_OID = "1.3.6.1.4.1.25623.1.0.802032";
+CPE = "cpe:/a:wordpress:wordpress";
+
if(description)
{
- script_id(802032);
+ script_oid(SCRIPT_OID);
script_version("$Revision$");
script_tag(name:"last_modification", value:"$Date$");
script_tag(name:"creation_date", value:"2011-08-18 14:57:45 +0200 (Thu, 18 Aug 2011)");
@@ -76,12 +79,11 @@
include("http_func.inc");
include("version_func.inc");
include("http_keepalive.inc");
+include("host_details.inc");
+
## Get HTTP Port
-port = get_http_port(default:80);
-if(!port){
- exit(0);
-}
+if(!port = get_app_port(cpe:CPE, nvt:SCRIPT_OID))exit(0);
## Check Host Supports PHP
if(!can_host_php(port:port)){
@@ -89,9 +91,7 @@
}
## Get WordPress Location
-if(!dir = get_dir_from_kb(port:port, app:"WordPress")){
- exit(0);
-}
+if(!dir = get_app_location(cpe:CPE, nvt:SCRIPT_OID, port:port))exit(0);
## Construct SQL Injection
path = dir + "/wp-content/plugins/upm-polls/includes/poll_logs.php?qid=" +
Modified: trunk/openvas-plugins/scripts/gb_wordpress_user_id_and_user_name_disclosure.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_wordpress_user_id_and_user_name_disclosure.nasl 2012-07-13 14:52:32 UTC (rev 13732)
+++ trunk/openvas-plugins/scripts/gb_wordpress_user_id_and_user_name_disclosure.nasl 2012-07-13 16:14:22 UTC (rev 13733)
@@ -24,6 +24,9 @@
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
+SCRIPT_OID = "1.3.6.1.4.1.25623.1.0.103222";
+CPE = "cpe:/a:wordpress:wordpress";
+
desc = "Overview:
WordPress platforms use a parameter called `author'. This parameter
accepts integer values and represents the `User ID' of users in the
@@ -44,7 +47,7 @@
if (description)
{
- script_id(103222);
+ script_oid(SCRIPT_OID);
script_version("$Revision$");
script_tag(name:"last_modification", value:"$Date$");
script_tag(name:"creation_date", value:"2011-08-24 15:44:33 +0200 (Wed, 24 Aug 2011)");
@@ -70,13 +73,15 @@
include("http_keepalive.inc");
include("version_func.inc");
-port = get_http_port(default:80);
+if(!port = get_app_port(cpe:CPE, nvt:SCRIPT_OID))exit(0);
+
if(!get_port_state(port))exit(0);
if(!can_host_php(port:port))exit(0);
-if(!dir = get_dir_from_kb(port:port, app:"WordPress"))exit(0);
+if(!dir = get_app_location(cpe:CPE, nvt:SCRIPT_OID, port:port))exit(0);
+
for(i=1;i<25;i++) {
url = string(dir,"/?author=",i);
Modified: trunk/openvas-plugins/scripts/gb_wordpress_whois_plugin_xss_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_wordpress_whois_plugin_xss_vuln.nasl 2012-07-13 14:52:32 UTC (rev 13732)
+++ trunk/openvas-plugins/scripts/gb_wordpress_whois_plugin_xss_vuln.nasl 2012-07-13 16:14:22 UTC (rev 13733)
@@ -24,9 +24,12 @@
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
+SCRIPT_OID = "1.3.6.1.4.1.25623.1.0.802553";
+CPE = "cpe:/a:wordpress:wordpress";
+
if(description)
{
- script_id(802553);
+ script_oid(SCRIPT_OID);
script_version("$Revision$");
script_bugtraq_id(51244);
script_tag(name:"cvss_base", value:"4.3");
@@ -81,12 +84,11 @@
include("http_func.inc");
include("version_func.inc");
include("http_keepalive.inc");
+include("host_details.inc");
+
## Get HTTP Port
-port = get_http_port(default:80);
-if(!port){
- exit(0);
-}
+if(!port = get_app_port(cpe:CPE, nvt:SCRIPT_OID))exit(0);
## Check Host Supports PHP
if(!can_host_php(port:port)){
@@ -94,9 +96,7 @@
}
## Get WordPress Installed Location
-if(!dir = get_dir_from_kb(port:port, app:"WordPress")){
- exit(0);
-}
+if(!dir = get_app_location(cpe:CPE, nvt:SCRIPT_OID, port:port))exit(0);
## Construct the Attack Request
url = dir + '/wp-content/plugins/wordpress-whois-search/wp-whois-ajax.php?' +
Modified: trunk/openvas-plugins/scripts/gb_wordpress_wp_custom_pages_plugin_dir_trav.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_wordpress_wp_custom_pages_plugin_dir_trav.nasl 2012-07-13 14:52:32 UTC (rev 13732)
+++ trunk/openvas-plugins/scripts/gb_wordpress_wp_custom_pages_plugin_dir_trav.nasl 2012-07-13 16:14:22 UTC (rev 13733)
@@ -24,9 +24,12 @@
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
+SCRIPT_OID = "1.3.6.1.4.1.25623.1.0.802013";
+CPE = "cpe:/a:wordpress:wordpress";
+
if(description)
{
- script_id(802013);
+ script_oid(SCRIPT_OID);
script_version("$Revision$");
script_tag(name:"last_modification", value:"$Date$");
script_tag(name:"creation_date", value:"2011-04-11 14:40:00 +0200 (Mon, 11 Apr 2011)");
@@ -86,10 +89,7 @@
include("http_keepalive.inc");
## Get HTTP Port
-port = get_http_port(default:80);
-if(!port){
- exit(0);
-}
+if(!port = get_app_port(cpe:CPE, nvt:SCRIPT_OID))exit(0);
## Check Host Supports PHP
if(!can_host_php(port:port)){
@@ -97,9 +97,7 @@
}
## Get WordPress Installed Location
-if(!dir = get_dir_from_kb(port:port, app:"WordPress")){
- exit(0);
-}
+if(!dir = get_app_location(cpe:CPE, nvt:SCRIPT_OID, port:port))exit(0);
## traversal_files() function Returns Dictionary (i.e key value pair)
## Get Content to be checked and file to be check
Modified: trunk/openvas-plugins/scripts/gb_wordpress_wp_forum_server_plugin_sql_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_wordpress_wp_forum_server_plugin_sql_vuln.nasl 2012-07-13 14:52:32 UTC (rev 13732)
+++ trunk/openvas-plugins/scripts/gb_wordpress_wp_forum_server_plugin_sql_vuln.nasl 2012-07-13 16:14:22 UTC (rev 13733)
@@ -24,9 +24,12 @@
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
+SCRIPT_OID = "1.3.6.1.4.1.25623.1.0.802006";
+CPE = "cpe:/a:wordpress:wordpress";
+
if(description)
{
- script_id(802006);
+ script_oid(SCRIPT_OID);
script_version("$Revision$");
script_tag(name:"last_modification", value:"$Date$");
script_tag(name:"creation_date", value:"2011-03-10 13:33:28 +0100 (Thu, 10 Mar 2011)");
@@ -80,12 +83,11 @@
include("http_func.inc");
include("version_func.inc");
include("http_keepalive.inc");
+include("host_details.inc");
+
## Get HTTP Port
-port = get_http_port(default:80);
-if(!port){
- exit(0);
-}
+if(!port = get_app_port(cpe:CPE, nvt:SCRIPT_OID))exit(0);
## Check Host Supports PHP
if(!can_host_php(port:port)){
@@ -93,9 +95,7 @@
}
## Get WordPress Installed Location
-if(!dir = get_dir_from_kb(port:port, app:"WordPress")){
- exit(0);
-}
+if(!dir = get_app_location(cpe:CPE, nvt:SCRIPT_OID, port:port))exit(0);
## Construct the Attack Request
url = dir + "/wp-content/plugins/forum-server/feed.php?topic=" +
Modified: trunk/openvas-plugins/scripts/gb_wordpress_wp_property_file_upload_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_wordpress_wp_property_file_upload_vuln.nasl 2012-07-13 14:52:32 UTC (rev 13732)
+++ trunk/openvas-plugins/scripts/gb_wordpress_wp_property_file_upload_vuln.nasl 2012-07-13 16:14:22 UTC (rev 13733)
@@ -24,9 +24,12 @@
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
+SCRIPT_OID = "1.3.6.1.4.1.25623.1.0.802640";
+CPE = "cpe:/a:wordpress:wordpress";
+
if(description)
{
- script_id(802640);
+ script_oid(SCRIPT_OID);
script_version("$Revision$");
script_bugtraq_id(53787);
script_tag(name:"cvss_base", value:"7.5");
@@ -80,7 +83,9 @@
include("http_func.inc");
include("version_func.inc");
include("http_keepalive.inc");
+include("host_details.inc");
+
function upload_file(url, file, ex, folder, len)
{
return string(
@@ -109,7 +114,7 @@
port = 0;
## Get HTTP Port
-port = get_http_port(default: 80);
+if(!port = get_app_port(cpe:CPE, nvt:SCRIPT_OID))exit(0);
## Check Port State
if(! get_port_state(port)){
@@ -122,9 +127,7 @@
}
## Get WordPress Installed Location
-if(!dir = get_dir_from_kb(port:port, app:"WordPress")){
- exit(0);
-}
+if(!dir = get_app_location(cpe:CPE, nvt:SCRIPT_OID, port:port))exit(0);
## Construct attack request
file = "ov-file-upload-test.php";
Modified: trunk/openvas-plugins/scripts/gb_wordpress_wp_symposium_plugin_uid_param_xss_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_wordpress_wp_symposium_plugin_uid_param_xss_vuln.nasl 2012-07-13 14:52:32 UTC (rev 13732)
+++ trunk/openvas-plugins/scripts/gb_wordpress_wp_symposium_plugin_uid_param_xss_vuln.nasl 2012-07-13 16:14:22 UTC (rev 13733)
@@ -24,9 +24,12 @@
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
+SCRIPT_OID = "1.3.6.1.4.1.25623.1.0.802288";
+CPE = "cpe:/a:wordpress:wordpress";
+
if(description)
{
- script_id(802288);
+ script_oid(SCRIPT_OID);
script_version("$Revision$");
script_bugtraq_id(51017);
script_cve_id("CVE-2011-3841");
@@ -81,12 +84,11 @@
include("http_func.inc");
include("version_func.inc");
include("http_keepalive.inc");
+include("host_details.inc");
+
## Get HTTP Port
-port = get_http_port(default:80);
-if(!port){
- exit(0);
-}
+if(!port = get_app_port(cpe:CPE, nvt:SCRIPT_OID))exit(0);
## Check Host Supports PHP
if(!can_host_php(port:port)){
@@ -94,9 +96,7 @@
}
## Get WordPress Location
-if(!dir = get_dir_from_kb(port:port, app:"WordPress")){
- exit(0);
-}
+if(!dir = get_app_location(cpe:CPE, nvt:SCRIPT_OID, port:port))exit(0);
## Construct attack request
url = dir + '/wp-content/plugins/wp-symposium/uploadify/get_profile_' +
Modified: trunk/openvas-plugins/scripts/gb_wordpress_wpecommerce_plugin_xss_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_wordpress_wpecommerce_plugin_xss_vuln.nasl 2012-07-13 14:52:32 UTC (rev 13732)
+++ trunk/openvas-plugins/scripts/gb_wordpress_wpecommerce_plugin_xss_vuln.nasl 2012-07-13 16:14:22 UTC (rev 13733)
@@ -24,9 +24,12 @@
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
+SCRIPT_OID = "1.3.6.1.4.1.25623.1.0.802321";
+CPE = "cpe:/a:wordpress:wordpress";
+
if(description)
{
- script_id(802321);
+ script_oid(SCRIPT_OID);
script_version("$Revision$");
script_tag(name:"last_modification", value:"$Date$");
script_tag(name:"creation_date", value:"2011-08-12 14:44:50 +0200 (Fri, 12 Aug 2011)");
@@ -80,12 +83,11 @@
include("http_func.inc");
include("version_func.inc");
include("http_keepalive.inc");
+include("host_details.inc");
+
## Get HTTP Port
-port = get_http_port(default:80);
-if(!port){
- exit(0);
-}
+if(!port = get_app_port(cpe:CPE, nvt:SCRIPT_OID))exit(0);
## Check Host Supports PHP
if(!can_host_php(port:port)){
@@ -93,9 +95,7 @@
}
## Get WordPress Installed Location
-if(!dir = get_dir_from_kb(port:port, app:"WordPress")){
- exit(0);
-}
+if(!dir = get_app_location(cpe:CPE, nvt:SCRIPT_OID, port:port))exit(0);
## Construct the Attack Request
url = dir + "/wp-content/plugins/wp-e-commerce/wpsc-theme/wpsc-cart_widget.php?" +
Modified: trunk/openvas-plugins/scripts/gb_wordpress_wptouch_plugin_wptouch_settings_xss.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_wordpress_wptouch_plugin_wptouch_settings_xss.nasl 2012-07-13 14:52:32 UTC (rev 13732)
+++ trunk/openvas-plugins/scripts/gb_wordpress_wptouch_plugin_wptouch_settings_xss.nasl 2012-07-13 16:14:22 UTC (rev 13733)
@@ -24,9 +24,12 @@
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
+SCRIPT_OID = "1.3.6.1.4.1.25623.1.0.802014";
+CPE = "cpe:/a:wordpress:wordpress";
+
if(description)
{
- script_id(802014);
+ script_oid(SCRIPT_OID);
script_version("$Revision$");
script_tag(name:"last_modification", value:"$Date$");
script_tag(name:"creation_date", value:"2011-04-11 14:40:00 +0200 (Mon, 11 Apr 2011)");
@@ -85,12 +88,11 @@
include("http_func.inc");
include("version_func.inc");
include("http_keepalive.inc");
+include("host_details.inc");
+
## Get HTTP Port
-port = get_http_port(default:80);
-if(!port){
- exit(0);
-}
+if(!port = get_app_port(cpe:CPE, nvt:SCRIPT_OID))exit(0);
## Check Host Supports PHP
if(!can_host_php(port:port)){
@@ -98,9 +100,7 @@
}
## Get WordPress Installed Location
-if(!dir = get_dir_from_kb(port:port, app:"WordPress")){
- exit(0);
-}
+if(!dir = get_app_location(cpe:CPE, nvt:SCRIPT_OID, port:port))exit(0);
# Path of Vulnerable Page
url = dir + "/wp-content/plugins/wptouch/include/adsense-new.php?wptou" +
Modified: trunk/openvas-plugins/scripts/gb_wordpress_zingiri_tickets_file_disc_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_wordpress_zingiri_tickets_file_disc_vuln.nasl 2012-07-13 14:52:32 UTC (rev 13732)
+++ trunk/openvas-plugins/scripts/gb_wordpress_zingiri_tickets_file_disc_vuln.nasl 2012-07-13 16:14:22 UTC (rev 13733)
@@ -24,9 +24,12 @@
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
+SCRIPT_OID = "1.3.6.1.4.1.25623.1.0.802750";
+CPE = "cpe:/a:wordpress:wordpress";
+
if(description)
{
- script_id(802750);
+ script_oid(SCRIPT_OID);
script_version("$Revision$");
script_tag(name:"cvss_base", value:"5.0");
script_tag(name:"risk_factor", value:"Medium");
@@ -75,17 +78,16 @@
include("http_func.inc");
include("version_func.inc");
include("http_keepalive.inc");
+include("host_details.inc");
+
## Variable Initialization
port = "";
dir = "";
url = "";
## Get HTTP Port
-port = get_http_port(default:80);
-if(!port){
- exit(0);
-}
+if(!port = get_app_port(cpe:CPE, nvt:SCRIPT_OID))exit(0);
## Check Host Supports PHP
if(!can_host_php(port:port)){
@@ -93,9 +95,7 @@
}
## Get WordPress Installed Location
-if(!dir = get_dir_from_kb(port:port, app:"WordPress")){
- exit(0);
-}
+if(!dir = get_app_location(cpe:CPE, nvt:SCRIPT_OID, port:port))exit(0);
## Construct the attack req
url = string(dir, "/wp-content/plugins/zingiri-tickets/log.txt");
Modified: trunk/openvas-plugins/scripts/gb_wordpressmu_mult_vuln_jul09.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_wordpressmu_mult_vuln_jul09.nasl 2012-07-13 14:52:32 UTC (rev 13732)
+++ trunk/openvas-plugins/scripts/gb_wordpressmu_mult_vuln_jul09.nasl 2012-07-13 16:14:22 UTC (rev 13733)
@@ -24,9 +24,12 @@
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
+SCRIPT_OID = "1.3.6.1.4.1.25623.1.0.800662";
+CPE = "cpe:/a:wordpress:wordpress";
+
if(description)
{
- script_id(800662);
+ script_oid(SCRIPT_OID);
script_version("$Revision$");
script_tag(name:"last_modification", value:"$Date$");
script_tag(name:"creation_date", value:"2009-07-18 09:37:41 +0200 (Sat, 18 Jul 2009)");
@@ -85,33 +88,22 @@
include("http_func.inc");
include("version_func.inc");
+include("host_details.inc");
-wpPort = get_http_port(default:80);
+
+wpPort = get_app_port(cpe:CPE, nvt:SCRIPT_OID);
if(!wpPort){
exit(0);
}
-wpmuVer = get_kb_item("www/" + wpPort + "/WordPress-Mu");
-if(!wpmuVer){
- exit(0);
-}
+if(!dir = get_app_location(cpe:CPE, nvt:SCRIPT_OID, port:wpPort))exit(0);
-wpmuVer = eregmatch(pattern:"^(.+) under (/.*)$", string:wpmuVer);
-if((wpmuVer[2] != NULL) && (!safe_checks()))
-{
- sndReq = http_get(item:string(wpmuVer[2], "/wp-settings.php"),
+sndReq = http_get(item:string(dir, "/wp-settings.php"),
port:wpPort);
- rcvRes = http_send_recv(port:wpPort, data:sndReq);
- if("ABSPATHwp-include" >< rcvRes && "include_path" >< rcvRes)
- {
- security_warning(wpPort);
- exit(0);
- }
-}
-
-if(wpmuVer[1] != NULL)
+rcvRes = http_send_recv(port:wpPort, data:sndReq);
+if("ABSPATHwp-include" >< rcvRes && "include_path" >< rcvRes)
{
- if(version_is_less(version:wpmuVer[1], test_version:"2.8.1")){
- security_warning(wpPort);
- }
+ security_warning(port:wpPort);
+ exit(0);
}
+
Modified: trunk/openvas-plugins/scripts/gb_wordpressmu_xss_vuln_apr09.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_wordpressmu_xss_vuln_apr09.nasl 2012-07-13 14:52:32 UTC (rev 13732)
+++ trunk/openvas-plugins/scripts/gb_wordpressmu_xss_vuln_apr09.nasl 2012-07-13 16:14:22 UTC (rev 13733)
@@ -24,9 +24,12 @@
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
+SCRIPT_OID = "1.3.6.1.4.1.25623.1.0.800376";
+CPE = "cpe:/a:wordpress:wordpress";
+
if(description)
{
- script_id(800376);
+ script_oid(SCRIPT_OID);
script_version("$Revision$");
script_tag(name:"last_modification", value:"$Date$");
script_tag(name:"creation_date", value:"2009-05-11 08:41:11 +0200 (Mon, 11 May 2009)");
@@ -76,17 +79,19 @@
include("http_func.inc");
include("version_func.inc");
+include("host_details.inc");
-wpmuPort = get_http_port(default:80);
+
+wpmuPort = get_app_port(cpe:CPE, nvt:SCRIPT_OID);
if(!wpmuPort){
exit(0);
}
-wpmuVer = get_kb_item("www/" + wpmuPort + "/WordPress-Mu");
-wpmuVer = eregmatch(pattern:"^(.+) under (/.*)$", string:wpmuVer);
-if(wpmuVer[1] != NULL)
+if(!ver = get_app_version(cpe:CPE, nvt:SCRIPT_OID, port:port))exit(0);
+
+if(ver != NULL)
{
- if(version_is_less(version:wpmuVer[1], test_version:"2.7")){
- security_warning(wpmuPort);
+ if(version_is_less(version:ver, test_version:"2.7")){
+ security_warning(port:wpmuPort);
}
}
Modified: trunk/openvas-plugins/scripts/gb_wp_proplayer_49046.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_wp_proplayer_49046.nasl 2012-07-13 14:52:32 UTC (rev 13732)
+++ trunk/openvas-plugins/scripts/gb_wp_proplayer_49046.nasl 2012-07-13 16:14:22 UTC (rev 13733)
@@ -24,9 +24,12 @@
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
+SCRIPT_OID = "1.3.6.1.4.1.25623.1.0.103196";
+CPE = "cpe:/a:wordpress:wordpress";
+
if (description)
{
- script_id(103196);
+ script_oid(SCRIPT_OID);
script_version("$Revision$");
script_tag(name:"last_modification", value:"$Date$");
script_tag(name:"creation_date", value:"2011-08-11 14:25:35 +0200 (Thu, 11 Aug 2011)");
@@ -69,13 +72,12 @@
include("http_keepalive.inc");
include("version_func.inc");
-port = get_http_port(default:80);
+if(!port = get_app_port(cpe:CPE, nvt:SCRIPT_OID))exit(0);
+
if(!get_port_state(port))exit(0);
if(!can_host_php(port:port))exit(0);
-if( ! dir = get_dir_from_kb(port:port, app:"WordPress")) {
- exit(0);
-}
+if(!dir = get_app_location(cpe:CPE, nvt:SCRIPT_OID, port:port))exit(0);
url = string(dir,"/plugins/proplayer/playlist-controller.php?pp_playlist_id=-1')%20UNION%20ALL%20SELECT%20NULL,NULL,0x4f70656e5641532d53514c2d496e6a656374696f6e2d54657374--%20");
Modified: trunk/openvas-plugins/scripts/secpod_wordpress_backwpup_plugin_code_exec_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_wordpress_backwpup_plugin_code_exec_vuln.nasl 2012-07-13 14:52:32 UTC (rev 13732)
+++ trunk/openvas-plugins/scripts/secpod_wordpress_backwpup_plugin_code_exec_vuln.nasl 2012-07-13 16:14:22 UTC (rev 13733)
@@ -24,9 +24,12 @@
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
+SCRIPT_OID = "1.3.6.1.4.1.25623.1.0.900277";
+CPE = "cpe:/a:wordpress:wordpress";
+
if(description)
{
- script_id(900277);
+ script_oid(SCRIPT_OID);
script_version("$Revision$");
script_tag(name:"last_modification", value:"$Date$");
script_tag(name:"creation_date", value:"2011-04-01 15:39:52 +0200 (Fri, 01 Apr 2011)");
@@ -80,12 +83,11 @@
include("http_func.inc");
include("version_func.inc");
include("http_keepalive.inc");
+include("host_details.inc");
+
## Get HTTP Port
-port = get_http_port(default:80);
-if(!port){
- exit(0);
-}
+if(!port = get_app_port(cpe:CPE, nvt:SCRIPT_OID))exit(0);
## Check Host Supports PHP
if(!can_host_php(port:port)){
@@ -93,9 +95,7 @@
}
## Get WordPress Installed Location
-if(!dir = get_dir_from_kb(port:port, app:"WordPress")){
- exit(0);
-}
+if(!dir = get_app_location(cpe:CPE, nvt:SCRIPT_OID, port:port))exit(0);
## Path of Vulnerable Page with phpinfo() function in base64 encoded format
path = dir + '/wp-content/plugins/backwpup/app/wp_xml_export.php?_nonce' +
Modified: trunk/openvas-plugins/scripts/secpod_wordpress_category_dropdown_plugin_xss_n_sql_inj_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_wordpress_category_dropdown_plugin_xss_n_sql_inj_vuln.nasl 2012-07-13 14:52:32 UTC (rev 13732)
+++ trunk/openvas-plugins/scripts/secpod_wordpress_category_dropdown_plugin_xss_n_sql_inj_vuln.nasl 2012-07-13 16:14:22 UTC (rev 13733)
@@ -24,9 +24,12 @@
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
+SCRIPT_OID = "1.3.6.1.4.1.25623.1.0.902505";
+CPE = "cpe:/a:wordpress:wordpress";
+
if(description)
{
- script_id(902505);
+ script_oid(SCRIPT_OID);
script_version("$Revision$");
script_tag(name:"last_modification", value:"$Date$");
script_tag(name:"creation_date", value:"2011-05-02 12:20:04 +0200 (Mon, 02 May 2011)");
@@ -77,12 +80,11 @@
include("http_func.inc");
include("version_func.inc");
include("http_keepalive.inc");
+include("host_details.inc");
+
## Get HTTP Port
-port = get_http_port(default:80);
-if(!port){
- exit(0);
-}
+if(!port = get_app_port(cpe:CPE, nvt:SCRIPT_OID))exit(0);
## Check Host Supports PHP
if(!can_host_php(port:port)){
@@ -90,9 +92,7 @@
}
## Get WordPress Location
-if(!dir = get_dir_from_kb(port:port, app:"WordPress")){
- exit(0);
-}
+if(!dir = get_app_location(cpe:CPE, nvt:SCRIPT_OID, port:port))exit(0);
## Construct attack request
url = url = string(dir, '/wp-content/plugins/ajax-category-dropdown/includes',
Modified: trunk/openvas-plugins/scripts/secpod_wordpress_detect_900182.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_wordpress_detect_900182.nasl 2012-07-13 14:52:32 UTC (rev 13732)
+++ trunk/openvas-plugins/scripts/secpod_wordpress_detect_900182.nasl 2012-07-13 16:14:22 UTC (rev 13733)
@@ -27,9 +27,11 @@
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
+SCRIPT_OID = "1.3.6.1.4.1.25623.1.0.900182";
+
if(description)
{
- script_id(900182);
+ script_oid(SCRIPT_OID);
script_version("$Revision$");
script_tag(name:"last_modification", value:"$Date$");
script_tag(name:"creation_date", value:"2008-12-26 14:23:17 +0100 (Fri, 26 Dec 2008)");
@@ -56,19 +58,8 @@
include("host_details.inc");
## Constant values
-SCRIPT_OID = "1.3.6.1.4.1.25623.1.0.900182";
SCRIPT_DESC = "WordPress Version Detection";
-## functions for script
-function register_cpe(tmpVers, tmpExpr, tmpBase){
-
- local_var cpe;
- ## build cpe and store it as host_detail
- cpe = build_cpe(value:tmpVers, exp:tmpExpr, base:tmpBase);
- if(!isnull(cpe))
- register_host_detail(name:"App", value:cpe, nvt:SCRIPT_OID, desc:SCRIPT_DESC);
-}
-
## start script
wpPort = get_kb_item("Services/www");
if(!wpPort){
@@ -108,11 +99,15 @@
set_kb_item(name:"www/" + wpPort + "/WordPress", value:tmp_version);
set_kb_item(name:"wordpress/installed",value:TRUE);
- security_note(data:"WordPress version " + wpVer[1] + " running at " + "location " + dir + " was detected on the host");
+ cpe = build_cpe(value:wpVer[1], exp:"^([0-9.]+)", base:"cpe:/a:wordpress:wordpress:");
+ if(!cpe)
+ cpe = 'cpe:/a:wordpress:wordpress:';
- ## build cpe and store it as host detail
- register_cpe(tmpVers:tmp_version,tmpExpr:"^([0-9.]+)",tmpBase:"cpe:/a:wordpress:wordpress:");
+ register_product(cpe:cpe, location:dir, nvt:SCRIPT_OID, port:wpPort);
+ log_message(data: build_detection_report(app:"WordPress", version:wpVer[1], install:dir, cpe:cpe, concluded: wpVer[0]),
+ port:wpPort);
+
}
@@ -125,16 +120,20 @@
tmp_version = wpmuVer[1] + " under " + dir;
} else {
tmp_version = "unknown under " + dir;
- wpVer[1] = "unknown";
+ wpmuVer[1] = "unknown";
}
tmp_version = wpmuVer[1] + " under " + dir;
set_kb_item(name:"www/" + wpPort + "/WordPress-Mu", value:tmp_version);
set_kb_item(name:"wordpress/installed",value:TRUE);
- security_note(data:"WordPress-Mu version " + wpmuVer[1] + " running at location " + dir + " was detected on the host");
- ## build cpe and store it as host detail
- register_cpe(tmpVers:tmp_version,tmpExpr:"^([0-9.]+)",tmpBase:"cpe:/a:wordpress:wordpress_mu:");
+ mu_cpe = build_cpe(value:wpmuVer[1], exp:"^([0-9.]+)", base:"cpe:/a:wordpress:wordpress_mu:");
+ if(!mu_cpe)
+ mu_cpe = 'cpe:/a:wordpress:wordpress_mu';
+ register_product(cpe:mu_cpe, location:dir, nvt:SCRIPT_OID, port:wpPort);
+
+ log_message(data: build_detection_report(app:"WordPress-Mu", version:wpmuVer[1], install:dir, cpe:mu_cpe, concluded: wpmuVer[0]),
+ port:wpPort);
}
}
Modified: trunk/openvas-plugins/scripts/secpod_wordpress_feedlist_xss_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_wordpress_feedlist_xss_vuln.nasl 2012-07-13 14:52:32 UTC (rev 13732)
+++ trunk/openvas-plugins/scripts/secpod_wordpress_feedlist_xss_vuln.nasl 2012-07-13 16:14:22 UTC (rev 13733)
@@ -24,9 +24,12 @@
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
################################i###############################################
+SCRIPT_OID = "1.3.6.1.4.1.25623.1.0.902327";
+CPE = "cpe:/a:wordpress:wordpress";
+
if(description)
{
- script_id(902327);
+ script_oid(SCRIPT_OID);
script_version("$Revision$");
script_tag(name:"last_modification", value:"$Date$");
script_tag(name:"creation_date", value:"2011-01-03 16:00:43 +0100 (Mon, 03 Jan 2011)");
@@ -76,24 +79,23 @@
include("http_func.inc");
include("http_keepalive.inc");
+include("host_details.inc");
+
## Get HTTP Port
-wpPort = get_http_port(default:80);
+wpPort = get_app_port(cpe:CPE, nvt:SCRIPT_OID);
if(!wpPort){
exit(0);
}
## Get WordPress Path from KB
-wpVer = get_kb_item("www/" + wpPort + "/WordPress");
-if(!wpVer){
- exit(0);
-}
+if(!dir = get_app_location(cpe:CPE, nvt:SCRIPT_OID, port:wpPort))exit(0);
-wpVer = eregmatch(pattern:"^(.+) under (/.*)$", string:wpVer);
-if(wpVer[2] != NULL)
+
+if(dir != NULL)
{
# Try expliot and check response
- sndReq = http_get(item:string(wpVer[2], '/wp-content/plugins/feedlist/handler_image.php' +
+ sndReq = http_get(item:string(dir, '/wp-content/plugins/feedlist/handler_image.php' +
'?i=%3Cscript%3Ealert("XSS-Testing")%3C/script%3E'), port:wpPort);
rcvRes = http_keepalive_send_recv(port:wpPort, data:sndReq);
if('Cached file for <script>alert("XSS-Testing")</script> cannot be found' >< rcvRes){
Modified: trunk/openvas-plugins/scripts/secpod_wordpress_mingle_forum_plugin_xss_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_wordpress_mingle_forum_plugin_xss_vuln.nasl 2012-07-13 14:52:32 UTC (rev 13732)
+++ trunk/openvas-plugins/scripts/secpod_wordpress_mingle_forum_plugin_xss_vuln.nasl 2012-07-13 16:14:22 UTC (rev 13733)
@@ -24,9 +24,12 @@
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
+SCRIPT_OID = "1.3.6.1.4.1.25623.1.0.902665";
+CPE = "cpe:/a:wordpress:wordpress";
+
if(description)
{
- script_id(902665);
+ script_oid(SCRIPT_OID);
script_version("$Revision$");
script_tag(name:"cvss_base", value:"4.3");
script_tag(name:"risk_factor", value:"Medium");
@@ -74,7 +77,9 @@
include("http_func.inc");
include("version_func.inc");
include("http_keepalive.inc");
+include("host_details.inc");
+
## Variable Initialization
dir = "";
url = "";
@@ -84,10 +89,7 @@
postdata = "";
## Get HTTP Port
-port = get_http_port(default:80);
-if(!port){
- exit(0);
-}
+if(!port = get_app_port(cpe:CPE, nvt:SCRIPT_OID))exit(0);
## Check Host Supports PHP
if(!can_host_php(port:port)){
@@ -101,9 +103,7 @@
}
## Get WordPress Installed Location
-if(!dir = get_dir_from_kb(port:port, app:"WordPress")){
- exit(0);
-}
+if(!dir = get_app_location(cpe:CPE, nvt:SCRIPT_OID, port:port))exit(0);
## Path of Vulnerable Page
url = '/?mingleforumaction=search';
Modified: trunk/openvas-plugins/scripts/secpod_wordpress_mu_sec_bypass_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_wordpress_mu_sec_bypass_vuln.nasl 2012-07-13 14:52:32 UTC (rev 13732)
+++ trunk/openvas-plugins/scripts/secpod_wordpress_mu_sec_bypass_vuln.nasl 2012-07-13 16:14:22 UTC (rev 13733)
@@ -24,9 +24,12 @@
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
+SCRIPT_OID = "1.3.6.1.4.1.25623.1.0.900816";
+CPE = "cpe:/a:wordpress:wordpress";
+
if(description)
{
- script_id(900816);
+ script_oid(SCRIPT_OID);
script_version("$Revision$");
script_tag(name:"last_modification", value:"$Date$");
script_tag(name:"creation_date", value:"2009-08-20 09:27:17 +0200 (Thu, 20 Aug 2009)");
@@ -77,36 +80,25 @@
include("http_func.inc");
include("version_func.inc");
+include("host_details.inc");
+
# Get for WordPress-Mu Default Port
-wpmuPort = get_http_port(default:80);
+wpmuPort = get_app_port(cpe:CPE, nvt:SCRIPT_OID);
if(!wpmuPort){
exit(0);
}
# Get KB for WordPress-Mu Version
-wpmuVer = get_kb_item("www/" + wpmuPort + "/WordPress-Mu");
-wpmuVer = eregmatch(pattern:"^(.+) under (/.*)$", string:wpmuVer);
+if(!dir = get_app_location(cpe:CPE, nvt:SCRIPT_OID, port:port))exit(0);
-# Check WordPress-Mu Security Bypass Attack
-if((wpmuVer[2] != NULL) && (!safe_checks()))
-{
- sndReq = http_get(item:string(wpmuVer[2], "/wp-login.php?action=rp&key[]="),
- port:wpmuPort);
- rcvRes = http_send_recv(port:wpmuPort, data:sndReq);
+sndReq = http_get(item:string(dir, "/wp-login.php?action=rp&key[]="),
+ port:wpmuPort);
- if("checkemail=newpass" >< rcvRes)
- {
- security_hole(wpmuPort);
- exit(0);
- }
-}
+rcvRes = http_send_recv(port:wpmuPort, data:sndReq);
-# Check for WordPress-Mu Version 2.8 < 2.8.4
-if(wpmuVer[1] != NULL)
+if("checkemail=newpass" >< rcvRes)
{
- if(version_in_range(version:wpmuVer[1], test_version:"2.8",
- test_version2:"2.8.3")){
- security_hole(wpmuPort);
- }
+ security_hole(wpmuPort);
+ exit(0);
}
Modified: trunk/openvas-plugins/scripts/secpod_wordpress_mult_plugins_sql_inj_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_wordpress_mult_plugins_sql_inj_vuln.nasl 2012-07-13 14:52:32 UTC (rev 13732)
+++ trunk/openvas-plugins/scripts/secpod_wordpress_mult_plugins_sql_inj_vuln.nasl 2012-07-13 16:14:22 UTC (rev 13733)
@@ -24,9 +24,12 @@
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
+SCRIPT_OID = "1.3.6.1.4.1.25623.1.0.902755";
+CPE = "cpe:/a:wordpress:wordpress";
+
if(description)
{
- script_id(902755);
+ script_oid(SCRIPT_OID);
script_version("$Revision$");
script_bugtraq_id(49382, 49381);
script_tag(name:"cvss_base", value:"7.5");
@@ -83,12 +86,11 @@
include("http_func.inc");
include("version_func.inc");
include("http_keepalive.inc");
+include("host_details.inc");
+
## Get HTTP Port
-port = get_http_port(default:80);
-if(!port){
- exit(0);
-}
+if(!port = get_app_port(cpe:CPE, nvt:SCRIPT_OID))exit(0);
## Check Host Supports PHP
if(!can_host_php(port:port)){
@@ -96,9 +98,7 @@
}
## Get WordPress Installed Location
-if(!dir = get_dir_from_kb(port:port, app:"WordPress")){
- exit(0);
-}
+if(!dir = get_app_location(cpe:CPE, nvt:SCRIPT_OID, port:port))exit(0);
## Make list of vulnerable pages
pages = make_list("/wp-content/plugins/crawlrate-tracker/sbtracking-chart-data.php?chart_data=1&page_url='",
Modified: trunk/openvas-plugins/scripts/secpod_wordpress_mult_vuln_aug09.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_wordpress_mult_vuln_aug09.nasl 2012-07-13 14:52:32 UTC (rev 13732)
+++ trunk/openvas-plugins/scripts/secpod_wordpress_mult_vuln_aug09.nasl 2012-07-13 16:14:22 UTC (rev 13733)
@@ -24,9 +24,12 @@
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
+SCRIPT_OID = "1.3.6.1.4.1.25623.1.0.900915";
+CPE = "cpe:/a:wordpress:wordpress";
+
if(description)
{
- script_id(900915);
+ script_oid(SCRIPT_OID);
script_version("$Revision$");
script_tag(name:"last_modification", value:"$Date$");
script_tag(name:"creation_date", value:"2009-08-20 09:27:17 +0200 (Thu, 20 Aug 2009)");
@@ -84,21 +87,22 @@
include("http_func.inc");
include("version_func.inc");
+include("host_details.inc");
+
# Get for WordPress Default Port
-wpPort = get_http_port(default:80);
+wpPort = get_app_port(cpe:CPE, nvt:SCRIPT_OID);
if(!wpPort){
exit(0);
}
# Get KB for WordPress Version
-wpVer = get_kb_item("www/" + wpPort + "/WordPress");
-wpVer = eregmatch(pattern:"^(.+) under (/.*)$", string:wpVer);
+wpVer = get_app_version(cpe:CPE, nvt:SCRIPT_OID, port:wpPort);
-if(wpVer[1] != NULL)
+if(wpVer != NULL)
{
# Check for WordPress Version prir to 2.8.3
- if(version_is_less(version:wpVer[1], test_version:"2.8.3")){
+ if(version_is_less(version:wpVer, test_version:"2.8.3")){
security_hole(wpPort);
}
}
Modified: trunk/openvas-plugins/scripts/secpod_wordpress_mult_vuln_nov09.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_wordpress_mult_vuln_nov09.nasl 2012-07-13 14:52:32 UTC (rev 13732)
+++ trunk/openvas-plugins/scripts/secpod_wordpress_mult_vuln_nov09.nasl 2012-07-13 16:14:22 UTC (rev 13733)
@@ -24,9 +24,12 @@
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
+SCRIPT_OID = "1.3.6.1.4.1.25623.1.0.900975";
+CPE = "cpe:/a:wordpress:wordpress";
+
if(description)
{
- script_id(900975);
+ script_oid(SCRIPT_OID);
script_version("$Revision$");
script_tag(name:"last_modification", value:"$Date$");
script_tag(name:"creation_date", value:"2009-11-20 06:52:52 +0100 (Fri, 20 Nov 2009)");
@@ -77,21 +80,22 @@
include("http_func.inc");
include("version_func.inc");
+include("host_details.inc");
+
# Get for WordPress Default Port
-wpPort = get_http_port(default:80);
+wpPort = get_app_port(cpe:CPE, nvt:SCRIPT_OID);
if(!wpPort){
exit(0);
}
# Get KB for WordPress Version
-wpVer = get_kb_item("www/" + wpPort + "/WordPress");
-wpVer = eregmatch(pattern:"^(.+) under (/.*)$", string:wpVer);
+wpVer = get_app_version(cpe:CPE, nvt:SCRIPT_OID, port:wpPort);
-if(wpVer[1] != NULL)
+if(wpVer != NULL)
{
# Check for WordPress Version prir to 2.8.6
- if(version_is_less(version:wpVer[1], test_version:"2.8.6")){
+ if(version_is_less(version:wpVer, test_version:"2.8.6")){
security_hole(wpPort);
}
}
Modified: trunk/openvas-plugins/scripts/secpod_wordpress_photoracer_plugin_id_sql_inj_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_wordpress_photoracer_plugin_id_sql_inj_vuln.nasl 2012-07-13 14:52:32 UTC (rev 13732)
+++ trunk/openvas-plugins/scripts/secpod_wordpress_photoracer_plugin_id_sql_inj_vuln.nasl 2012-07-13 16:14:22 UTC (rev 13733)
@@ -24,9 +24,12 @@
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
+SCRIPT_OID = "1.3.6.1.4.1.25623.1.0.901204";
+CPE = "cpe:/a:wordpress:wordpress";
+
if(description)
{
- script_id(901204);
+ script_oid(SCRIPT_OID);
script_version("$Revision$");
script_tag(name:"last_modification", value:"$Date$");
script_tag(name:"creation_date", value:"2011-08-29 16:22:41 +0200 (Mon, 29 Aug 2011)");
@@ -80,12 +83,11 @@
include("http_func.inc");
include("version_func.inc");
include("http_keepalive.inc");
+include("host_details.inc");
+
## Get HTTP Port
-port = get_http_port(default:80);
-if(!port){
- exit(0);
-}
+if(!port = get_app_port(cpe:CPE, nvt:SCRIPT_OID))exit(0);
## Check Host Supports PHP
if(!can_host_php(port:port)){
@@ -93,9 +95,7 @@
}
## Get WordPress Installed Location
-if(!dir = get_dir_from_kb(port:port, app:"WordPress")){
- exit(0);
-}
+if(!dir = get_app_location(cpe:CPE, nvt:SCRIPT_OID, port:port))exit(0);
## Construct the Attack Request
url = dir + "/wp-content/plugins/photoracer/viewimg.php?id=-1%20UNION%20" +
Modified: trunk/openvas-plugins/scripts/secpod_wordpress_php_code_exec_vuln_900183.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_wordpress_php_code_exec_vuln_900183.nasl 2012-07-13 14:52:32 UTC (rev 13732)
+++ trunk/openvas-plugins/scripts/secpod_wordpress_php_code_exec_vuln_900183.nasl 2012-07-13 16:14:22 UTC (rev 13733)
@@ -23,10 +23,12 @@
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
+SCRIPT_OID = "1.3.6.1.4.1.25623.1.0.900183";
+CPE = "cpe:/a:wordpress:wordpress";
if(description)
{
- script_id(900183);
+ script_oid(SCRIPT_OID);
script_version("$Revision$");
script_tag(name:"last_modification", value:"$Date$");
script_tag(name:"creation_date", value:"2008-12-26 14:23:17 +0100 (Fri, 26 Dec 2008)");
@@ -78,18 +80,22 @@
include("http_func.inc");
include("version_func.inc");
+include("host_details.inc");
-wpPort = get_http_port(default:80);
+
+wpPort = get_app_port(cpe:CPE, nvt:SCRIPT_OID);
if(!wpPort){
exit(0);
}
-wpVer = get_kb_item("www/" + wpPort + "/WordPress");
-wpVer = eregmatch(pattern:"^(.+) under (/.*)$", string:wpVer);
-if(wpVer[1] != NULL)
+
+if(!ver = get_app_version(cpe:CPE, nvt:SCRIPT_OID, port:wpPort))exit(0);
+
+
+if(ver != NULL)
{
# Grep for version 2.3.2 and prior
- if(version_is_less_equal(version:wpVer[1], test_version:"2.3.2")){
+ if(version_is_less_equal(version:ver, test_version:"2.3.2")){
security_hole(wpPort);
}
}
Modified: trunk/openvas-plugins/scripts/secpod_wordpress_php_files_info_disc_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_wordpress_php_files_info_disc_vuln.nasl 2012-07-13 14:52:32 UTC (rev 13732)
+++ trunk/openvas-plugins/scripts/secpod_wordpress_php_files_info_disc_vuln.nasl 2012-07-13 16:14:22 UTC (rev 13733)
@@ -24,9 +24,12 @@
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
+SCRIPT_OID = "1.3.6.1.4.1.25623.1.0.902741";
+CPE = "cpe:/a:wordpress:wordpress";
+
if(description)
{
- script_id(902741);
+ script_oid(SCRIPT_OID);
script_version("$Revision$");
script_tag(name:"last_modification", value:"$Date$");
script_tag(name:"creation_date", value:"2011-09-30 15:58:03 +0200 (Fri, 30 Sep 2011)");
@@ -75,22 +78,19 @@
include("http_func.inc");
include("version_func.inc");
include("http_keepalive.inc");
+include("host_details.inc");
+
## Get the HTTP Port
-port = get_http_port(default:80);
-if(!port){
- exit(0);
-}
+if(!port = get_app_port(cpe:CPE, nvt:SCRIPT_OID))exit(0);
+
## Check Host Supports PHP
if(!can_host_php(port:port)) {
exit(0);
}
## Get the version from KB
-dir = get_dir_from_kb(port:port,app:"WordPress");
-if(!dir){
- exit(0);
-}
+if(!dir = get_app_location(cpe:CPE, nvt:SCRIPT_OID, port:port))exit(0);
## Construct the Attack Request
url = dir + "/wp-admin/includes/user.php";
Modified: trunk/openvas-plugins/scripts/secpod_wordpress_register_plus_redux_mult_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_wordpress_register_plus_redux_mult_vuln.nasl 2012-07-13 14:52:32 UTC (rev 13732)
+++ trunk/openvas-plugins/scripts/secpod_wordpress_register_plus_redux_mult_vuln.nasl 2012-07-13 16:14:22 UTC (rev 13733)
@@ -24,9 +24,12 @@
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
################################################################################
+SCRIPT_OID = "1.3.6.1.4.1.25623.1.0.902656";
+CPE = "cpe:/a:wordpress:wordpress";
+
if(description)
{
- script_id(902656);
+ script_oid(SCRIPT_OID);
script_version("$Revision$");
script_tag(name:"cvss_base", value:"5.0");
script_tag(name:"risk_factor", value:"Medium");
@@ -79,9 +82,11 @@
include("http_func.inc");
include("version_func.inc");
include("http_keepalive.inc");
+include("host_details.inc");
+
## Get HTTP Port
-wpPort = get_http_port(default:80);
+wpPort = get_app_port(cpe:CPE, nvt:SCRIPT_OID);
if(!wpPort){
exit(0);
}
@@ -92,9 +97,7 @@
}
## Get WordPress Directory
-if(!wpDir = get_dir_from_kb(port:wpPort, app:"WordPress")){
- exit(0);
-}
+if(!wpDir = get_app_location(cpe:CPE, nvt:SCRIPT_OID, port:wpPort))exit(0);
## Try an exploit
url = wpDir + "/wp-content/plugins/register-plus-redux/register-plus-redux.php";
Modified: trunk/openvas-plugins/scripts/secpod_wordpress_sec_bypass_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_wordpress_sec_bypass_vuln.nasl 2012-07-13 14:52:32 UTC (rev 13732)
+++ trunk/openvas-plugins/scripts/secpod_wordpress_sec_bypass_vuln.nasl 2012-07-13 16:14:22 UTC (rev 13733)
@@ -24,9 +24,12 @@
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
+SCRIPT_OID = "1.3.6.1.4.1.25623.1.0.900913";
+CPE = "cpe:/a:wordpress:wordpress";
+
if(description)
{
- script_id(900913);
+ script_oid(SCRIPT_OID);
script_version("$Revision$");
script_tag(name:"last_modification", value:"$Date$");
script_tag(name:"creation_date", value:"2009-08-20 09:27:17 +0200 (Thu, 20 Aug 2009)");
@@ -77,36 +80,23 @@
include("http_func.inc");
include("version_func.inc");
+include("host_details.inc");
+
# Get for WordPress Default Port
-wpPort = get_http_port(default:80);
+wpPort = get_app_port(cpe:CPE, nvt:SCRIPT_OID);
if(!wpPort){
exit(0);
}
-# Get KB for WordPress Version
-wpVer = get_kb_item("www/" + wpPort + "/WordPress");
-wpVer = eregmatch(pattern:"^(.+) under (/.*)$", string:wpVer);
+if(!dir = get_app_location(cpe:CPE, nvt:SCRIPT_OID, port:wpPort))exit(0);
-# Check WordPress Security Bypass Attack
-if((wpVer[2] != NULL) && (!safe_checks()))
-{
- sndReq = http_get(item:string(wpVer[2], "/wp-login.php?action=rp&key[]="),
- port:wpPort);
- rcvRes = http_send_recv(port:wpPort, data:sndReq);
+sndReq = http_get(item:string(dir, "/wp-login.php?action=rp&key[]="),
+ port:wpPort);
+rcvRes = http_send_recv(port:wpPort, data:sndReq);
- if("checkemail=newpass" >< rcvRes)
- {
- security_hole(wpPort);
- exit(0);
- }
-}
-
-# Check for WordPress Version 2.8 < 2.8.4
-if(wpVer[1] != NULL)
+if("checkemail=newpass" >< rcvRes)
{
- if(version_in_range(version:wpVer[1], test_version:"2.8",
- test_version2:"2.8.3")){
- security_hole(wpPort);
- }
+ security_hole(wpPort);
+ exit(0);
}
Modified: trunk/openvas-plugins/scripts/secpod_wordpress_universal_post_mgr_plug_mult_xss.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_wordpress_universal_post_mgr_plug_mult_xss.nasl 2012-07-13 14:52:32 UTC (rev 13732)
+++ trunk/openvas-plugins/scripts/secpod_wordpress_universal_post_mgr_plug_mult_xss.nasl 2012-07-13 16:14:22 UTC (rev 13733)
@@ -24,9 +24,12 @@
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
+SCRIPT_OID = "1.3.6.1.4.1.25623.1.0.802018";
+CPE = "cpe:/a:wordpress:wordpress";
+
if(description)
{
- script_id(802018);
+ script_oid(SCRIPT_OID);
script_version("$Revision$");
script_tag(name:"last_modification", value:"$Date$");
script_tag(name:"creation_date", value:"2011-05-02 12:20:04 +0200 (Mon, 02 May 2011)");
@@ -85,12 +88,11 @@
include("http_func.inc");
include("version_func.inc");
include("http_keepalive.inc");
+include("host_details.inc");
+
## Get HTTP Port
-port = get_http_port(default:80);
-if(!port){
- exit(0);
-}
+if(!port = get_app_port(cpe:CPE, nvt:SCRIPT_OID))exit(0);
## Check host supports PHP
if(!can_host_php(port:port)){
@@ -98,9 +100,7 @@
}
## Get WordPress Installed Location
-if(!dir = get_dir_from_kb(port:port, app:"WordPress")){
- exit(0);
-}
+if(!dir = get_app_location(cpe:CPE, nvt:SCRIPT_OID, port:port))exit(0);
## Path of Vulnerable Page
url = dir + "/wp-content/plugins/universal-post-manager/template/bookmarks_" +
Modified: trunk/openvas-plugins/scripts/secpod_wordpress_wp_css_lfi_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_wordpress_wp_css_lfi_vuln.nasl 2012-07-13 14:52:32 UTC (rev 13732)
+++ trunk/openvas-plugins/scripts/secpod_wordpress_wp_css_lfi_vuln.nasl 2012-07-13 16:14:22 UTC (rev 13733)
@@ -24,6 +24,9 @@
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
+SCRIPT_OID = "1.3.6.1.4.1.25623.1.0.902723";
+CPE = "cpe:/a:wordpress:wordpress";
+
if(description)
{
script_id(902723);
@@ -77,12 +80,11 @@
include("http_func.inc");
include("version_func.inc");
include("http_keepalive.inc");
+include("host_details.inc");
+
## Get HTTP Port
-port = get_http_port(default:80);
-if(!port){
- exit(0);
-}
+if(!port = get_app_port(cpe:CPE, nvt:SCRIPT_OID))exit(0);
## Check Host Supports PHP
if(!can_host_php(port:port)){
@@ -90,9 +92,7 @@
}
## Get WordPress Installed Location
-if(!dir = get_dir_from_kb(port:port, app:"WordPress")){
- exit(0);
-}
+if(!dir = get_app_location(cpe:CPE, nvt:SCRIPT_OID, port:port))exit(0);
## Construct attack
url = string(dir, "/wp-content/plugins/wp-css/wp-css-compress.php?f=",
Modified: trunk/openvas-plugins/scripts/secpod_wordpress_wp_stats_dashboard_mult_xss_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_wordpress_wp_stats_dashboard_mult_xss_vuln.nasl 2012-07-13 14:52:32 UTC (rev 13732)
+++ trunk/openvas-plugins/scripts/secpod_wordpress_wp_stats_dashboard_mult_xss_vuln.nasl 2012-07-13 16:14:22 UTC (rev 13733)
@@ -24,9 +24,12 @@
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
+SCRIPT_OID = "1.3.6.1.4.1.25623.1.0.902713";
+CPE = "cpe:/a:wordpress:wordpress";
+
if(description)
{
- script_id(902713);
+ script_oid(SCRIPT_OID);
script_version("$Revision$");
script_tag(name:"last_modification", value:"$Date$");
script_tag(name:"creation_date", value:"2011-08-23 07:05:00 +0200 (Tue, 23 Aug 2011)");
@@ -84,12 +87,11 @@
include("http_func.inc");
include("version_func.inc");
include("http_keepalive.inc");
+include("host_details.inc");
+
## Get HTTP Port
-port = get_http_port(default:80);
-if(!port){
- exit(0);
-}
+if(!port = get_app_port(cpe:CPE, nvt:SCRIPT_OID))exit(0);
## Check host supports PHP
if(!can_host_php(port:port)){
@@ -97,9 +99,7 @@
}
## Get WordPress Installed Location
-if(!dir = get_dir_from_kb(port:port, app:"WordPress")){
- exit(0);
-}
+if(!dir = get_app_location(cpe:CPE, nvt:SCRIPT_OID, port:port))exit(0);
## Path of Vulnerable Page
url = dir + "/wp-content/plugins/wp-stats-dashboard/view/admin/blocks/" +
Modified: trunk/openvas-plugins/scripts/secpod_wordpress_wptouch_url_redirection_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_wordpress_wptouch_url_redirection_vuln.nasl 2012-07-13 14:52:32 UTC (rev 13732)
+++ trunk/openvas-plugins/scripts/secpod_wordpress_wptouch_url_redirection_vuln.nasl 2012-07-13 16:14:22 UTC (rev 13733)
@@ -24,9 +24,12 @@
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
+SCRIPT_OID = "1.3.6.1.4.1.25623.1.0.902384";
+CPE = "cpe:/a:wordpress:wordpress";
+
if(description)
{
- script_id(902384);
+ script_oid(SCRIPT_OID);
script_version("$Revision$");
script_tag(name:"last_modification", value:"$Date$");
script_tag(name:"creation_date", value:"2011-06-24 16:31:03 +0200 (Fri, 24 Jun 2011)");
@@ -77,12 +80,11 @@
include("http_func.inc");
include("version_func.inc");
include("http_keepalive.inc");
+include("host_details.inc");
+
## Get HTTP Port
-port = get_http_port(default:80);
-if(!port){
- exit(0);
-}
+if(!port = get_app_port(cpe:CPE, nvt:SCRIPT_OID))exit(0);
## Check host supports PHP
if(!can_host_php(port:port)){
@@ -90,9 +92,7 @@
}
## Get WordPress Installed Location
-if(!dir = get_dir_from_kb(port:port, app:"WordPress")){
- exit(0);
-}
+if(!dir = get_app_location(cpe:CPE, nvt:SCRIPT_OID, port:port))exit(0);
## Construct the request
sndReq = http_get(item:string(dir, "/?wptouch_view=normal&wptouch_redirect=",
Modified: trunk/openvas-plugins/scripts/secpod_wordpress_wptrackback_dos_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_wordpress_wptrackback_dos_vuln.nasl 2012-07-13 14:52:32 UTC (rev 13732)
+++ trunk/openvas-plugins/scripts/secpod_wordpress_wptrackback_dos_vuln.nasl 2012-07-13 16:14:22 UTC (rev 13733)
@@ -24,9 +24,12 @@
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
+SCRIPT_OID = "1.3.6.1.4.1.25623.1.0.900968";
+CPE = "cpe:/a:wordpress:wordpress";
+
if(description)
{
- script_id(900968);
+ script_oid(SCRIPT_OID);
script_version("$Revision$");
script_tag(name:"last_modification", value:"$Date$");
script_tag(name:"creation_date", value:"2009-10-29 07:53:15 +0100 (Thu, 29 Oct 2009)");
@@ -76,18 +79,18 @@
include("http_func.inc");
include("version_func.inc");
+include("host_details.inc");
-wpPort = get_http_port(default:80);
+wpPort = get_app_port(cpe:CPE, nvt:SCRIPT_OID);
if(!wpPort){
exit(0);
}
-wpVer = get_kb_item("www/" + wpPort + "/WordPress");
-wpVer = eregmatch(pattern:"^(.+) under (/.*)$", string:wpVer);
+if(!ver = get_app_version(cpe:CPE, nvt:SCRIPT_OID, port:wpPort))exit(0);
-if(wpVer[1] != NULL)
+if(ver != NULL)
{
- if(version_is_less(version:wpVer[1], test_version:"2.8.5")){
+ if(version_is_less(version:ver, test_version:"2.8.5")){
security_warning(wpPort);
}
}
Modified: trunk/openvas-plugins/scripts/secpod_wordpress_zingiri_web_shop_mult_xss_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_wordpress_zingiri_web_shop_mult_xss_vuln.nasl 2012-07-13 14:52:32 UTC (rev 13732)
+++ trunk/openvas-plugins/scripts/secpod_wordpress_zingiri_web_shop_mult_xss_vuln.nasl 2012-07-13 16:14:22 UTC (rev 13733)
@@ -24,9 +24,12 @@
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
+SCRIPT_OID = "1.3.6.1.4.1.25623.1.0.902831";
+CPE = "cpe:/a:wordpress:wordpress";
+
if(description)
{
- script_id(902831);
+ script_oid(SCRIPT_OID);
script_version("$Revision$");
script_tag(name:"cvss_base", value:"4.3");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:P/A:N");
@@ -78,17 +81,16 @@
include("http_func.inc");
include("version_func.inc");
include("http_keepalive.inc");
+include("host_details.inc");
+
## Variable Initialization
dir = "";
url = "";
port = 0;
## Get HTTP Port
-port = get_http_port(default:80);
-if(!port){
- exit(0);
-}
+if(!port = get_app_port(cpe:CPE, nvt:SCRIPT_OID))exit(0);
## Check Host Supports PHP
if(!can_host_php(port:port)){
@@ -96,10 +98,9 @@
}
## Get WordPress Installed Location
-if(!dir = get_dir_from_kb(port:port, app:"WordPress")){
- exit(0);
-}
+if(!dir = get_app_location(cpe:CPE, nvt:SCRIPT_OID, port:port))exit(0);
+
## Construct the Attack Request
url = dir + '/?page="><script>alert(document.cookie)</script>';
Modified: trunk/openvas-plugins/scripts/secpod_wordpress_zingiri_web_shop_rfi_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_wordpress_zingiri_web_shop_rfi_vuln.nasl 2012-07-13 14:52:32 UTC (rev 13732)
+++ trunk/openvas-plugins/scripts/secpod_wordpress_zingiri_web_shop_rfi_vuln.nasl 2012-07-13 16:14:22 UTC (rev 13733)
@@ -24,9 +24,12 @@
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
+SCRIPT_OID = "1.3.6.1.4.1.25623.1.0.902729";
+CPE = "cpe:/a:wordpress:wordpress";
+
if(description)
{
- script_id(902729);
+ script_oid(SCRIPT_OID);
script_version("$Revision$");
script_tag(name:"last_modification", value:"$Date$");
script_tag(name:"creation_date", value:"2011-09-22 10:24:03 +0200 (Thu, 22 Sep 2011)");
@@ -81,10 +84,7 @@
include("http_keepalive.inc");
## Get HTTP Port
-port = get_http_port(default:80);
-if(!port){
- exit(0);
-}
+if(!port = get_app_port(cpe:CPE, nvt:SCRIPT_OID))exit(0);
## Check Host Supports PHP
if(!can_host_php(port:port)){
@@ -92,9 +92,7 @@
}
## Get WordPress Installed Location
-if(!dir = get_dir_from_kb(port:port, app:"WordPress")){
- exit(0);
-}
+if(!dir = get_app_location(cpe:CPE, nvt:SCRIPT_OID, port:port))exit(0);
## traversal_files() function Returns Dictionary (i.e key value pair)
## Get Content to be checked and file to be check
Modified: trunk/openvas-plugins/scripts/wordpress_37005.nasl
===================================================================
--- trunk/openvas-plugins/scripts/wordpress_37005.nasl 2012-07-13 14:52:32 UTC (rev 13732)
+++ trunk/openvas-plugins/scripts/wordpress_37005.nasl 2012-07-13 16:14:22 UTC (rev 13733)
@@ -24,9 +24,12 @@
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
+SCRIPT_OID = "1.3.6.1.4.1.25623.1.0.100345";
+CPE = "cpe:/a:wordpress:wordpress";
+
if (description)
{
- script_id(100345);
+ script_oid(SCRIPT_OID);
script_version("$Revision$");
script_tag(name:"last_modification", value:"$Date$");
script_tag(name:"creation_date", value:"2009-11-13 18:49:45 +0100 (Fri, 13 Nov 2009)");
@@ -76,17 +79,16 @@
include("http_func.inc");
include("version_func.inc");
+include("host_details.inc");
-port = get_http_port(default:80);
+
+if(!port = get_app_port(cpe:CPE, nvt:SCRIPT_OID))exit(0);
if(!get_port_state(port))exit(0);
if (!can_host_php(port:port)) exit(0);
-if(!version = get_kb_item(string("www/", port, "/WordPress")))exit(0);
-if(!matches = eregmatch(string:version, pattern:"^(.+) under (/.*)$"))exit(0);
+if(!vers = get_app_version(cpe:CPE, nvt:SCRIPT_OID, port:port))exit(0);
-vers = matches[1];
-
if(!isnull(vers) && vers >!< "unknown") {
if(version_is_less(version: vers, test_version: "2.8.6")) {
Modified: trunk/openvas-plugins/scripts/wordpress_38368.nasl
===================================================================
--- trunk/openvas-plugins/scripts/wordpress_38368.nasl 2012-07-13 14:52:32 UTC (rev 13732)
+++ trunk/openvas-plugins/scripts/wordpress_38368.nasl 2012-07-13 16:14:22 UTC (rev 13733)
@@ -24,9 +24,12 @@
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
+SCRIPT_OID = "1.3.6.1.4.1.25623.1.0.100505";
+CPE = "cpe:/a:wordpress:wordpress";
+
if (description)
{
- script_id(100505);
+ script_oid(SCRIPT_OID);
script_version("$Revision$");
script_tag(name:"last_modification", value:"$Date$");
script_tag(name:"creation_date", value:"2010-02-24 18:35:31 +0100 (Wed, 24 Feb 2010)");
@@ -70,17 +73,15 @@
include("http_func.inc");
include("version_func.inc");
+include("host_details.inc");
-port = get_http_port(default:80);
+if(!port = get_app_port(cpe:CPE, nvt:SCRIPT_OID))exit(0);
if(!get_port_state(port))exit(0);
if (!can_host_php(port:port)) exit(0);
-if(!version = get_kb_item(string("www/", port, "/WordPress")))exit(0);
-if(!matches = eregmatch(string:version, pattern:"^(.+) under (/.*)$"))exit(0);
+if(!vers = get_app_version(cpe:CPE, nvt:SCRIPT_OID, port:port))exit(0);
-vers = matches[1];
-
if(!isnull(vers) && vers >!< "unknown") {
if(version_is_less(version: vers, test_version: "2.9.2")) {
More information about the Openvas-commits
mailing list