[Openvas-commits] r13746 - in trunk/openvas-plugins: . scripts
scm-commit at wald.intevation.org
scm-commit at wald.intevation.org
Wed Jul 18 18:03:40 CEST 2012
Author: mime
Date: 2012-07-18 18:03:39 +0200 (Wed, 18 Jul 2012)
New Revision: 13746
Added:
trunk/openvas-plugins/scripts/gb_vivotek_network_cameras_54476.nasl
Modified:
trunk/openvas-plugins/ChangeLog
trunk/openvas-plugins/scripts/gb_EditWrxLite_51995.nasl
trunk/openvas-plugins/scripts/gb_kerio_winroute_firewall_53460.nasl
trunk/openvas-plugins/scripts/host_details.inc
Log:
Added new plugin. Removed debug output. get_app(): Do not fork for each entry under "HostDetails/NVT".
Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog 2012-07-18 14:45:16 UTC (rev 13745)
+++ trunk/openvas-plugins/ChangeLog 2012-07-18 16:03:39 UTC (rev 13746)
@@ -1,3 +1,15 @@
+2012-07-18 Michael Meyer <michael.meyer at greenbone.net>
+
+ * scripts/gb_vivotek_network_cameras_54476.nasl:
+ Added new plugin.
+
+ * scripts/gb_kerio_winroute_firewall_53460.nasl,
+ scripts/gb_EditWrxLite_51995.nasl:
+ Removed debug output.
+
+ * scripts/host_details.inc:
+ get_app(): Don't fork for each entry under "HostDetails/NVT".
+
2012-07-18 Antu Sanadi <santu at secpod.com>
* scripts/secpod_ms_win_xp_spi_dos_vuln.nasl:
Modified: trunk/openvas-plugins/scripts/gb_EditWrxLite_51995.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_EditWrxLite_51995.nasl 2012-07-18 14:45:16 UTC (rev 13745)
+++ trunk/openvas-plugins/scripts/gb_EditWrxLite_51995.nasl 2012-07-18 16:03:39 UTC (rev 13746)
@@ -78,7 +78,7 @@
url = string(dir, "/wrx.cgi?download=;id|");
- if(http_vuln_check(port:port, url:url,pattern:"uid=[0-9]+.*gid=[0-9]+.*",debug:TRUE)) {
+ if(http_vuln_check(port:port, url:url,pattern:"uid=[0-9]+.*gid=[0-9]+.*")) {
security_hole(port:port);
exit(0);
}
Modified: trunk/openvas-plugins/scripts/gb_kerio_winroute_firewall_53460.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_kerio_winroute_firewall_53460.nasl 2012-07-18 14:45:16 UTC (rev 13745)
+++ trunk/openvas-plugins/scripts/gb_kerio_winroute_firewall_53460.nasl 2012-07-18 16:03:39 UTC (rev 13746)
@@ -78,7 +78,7 @@
url = '/nonauth/login.php%00.txt';
-if(http_vuln_check(port:port, url:url,pattern:"require_once",extra_check:make_list("configNonauth","CORE_PATH"),debug:TRUE)) {
+if(http_vuln_check(port:port, url:url,pattern:"require_once",extra_check:make_list("configNonauth","CORE_PATH"))) {
security_hole(port:port);
exit(0);
Added: trunk/openvas-plugins/scripts/gb_vivotek_network_cameras_54476.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_vivotek_network_cameras_54476.nasl (rev 0)
+++ trunk/openvas-plugins/scripts/gb_vivotek_network_cameras_54476.nasl 2012-07-18 16:03:39 UTC (rev 13746)
@@ -0,0 +1,81 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Vivotek Network Cameras Information Disclosure Vulnerability
+#
+# Authors:
+# Michael Meyer <michael.meyer at greenbone.net>
+#
+# Copyright:
+# Copyright (c) 2012 Greenbone Networks GmbH
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+SCRIPT_OID = "1.3.6.1.4.1.25623.1.0.103521";
+
+if (description)
+{
+ script_oid(SCRIPT_OID);
+ script_bugtraq_id(54476);
+ script_version ("$Revision$");
+ script_tag(name:"cvss_base", value:"5.0");
+ script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/AU:N/C:P/I:N/A:N");
+
+ script_name("Vivotek Network Cameras Information Disclosure Vulnerability");
+
+desc = "Overview:
+Vivotek Network Cameras are prone to an information-disclosure
+vulnerability.
+
+Successful exploits will allow a remote attacker to gain access
+to sensitive information. Information obtained will aid in
+further attacks.
+
+References:
+http://www.securityfocus.com/bid/54476";
+
+ script_tag(name:"risk_factor", value:"Medium");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2012-07-17 14:10:13 +0200 (Tue, 17 Jul 2012)");
+ script_description(desc);
+ script_summary("Determine if getparam.cgi disclosure information");
+ script_category(ACT_ATTACK);
+ script_family("Web application abuses");
+ script_copyright("This script is Copyright (C) 2012 Greenbone Networks GmbH");
+ script_dependencies("find_service.nes", "http_version.nasl");
+ script_require_ports("Services/www", 80);
+ script_exclude_keys("Settings/disable_cgi_scanning");
+ exit(0);
+}
+
+include("http_func.inc");
+include("http_keepalive.inc");
+
+port = get_http_port(default:80);
+if(!get_port_state(port))exit(0);
+
+url = '/cgi-bin/admin/getparam.cgi';
+
+if(http_vuln_check(port:port, url:url,pattern:"system_hostname")) {
+
+ security_warning(port:port);
+ exit(0);
+
+}
+
+exit(0);
+
Property changes on: trunk/openvas-plugins/scripts/gb_vivotek_network_cameras_54476.nasl
___________________________________________________________________
Added: svn:keywords
+ Id Revision Date
Modified: trunk/openvas-plugins/scripts/host_details.inc
===================================================================
--- trunk/openvas-plugins/scripts/host_details.inc 2012-07-18 14:45:16 UTC (rev 13745)
+++ trunk/openvas-plugins/scripts/host_details.inc 2012-07-18 16:03:39 UTC (rev 13746)
@@ -336,39 +336,44 @@
}
function get_app(cpe, nvt) {
- local_var oid, candidate_cpe, res, port;
+ local_var host_details, host_detail, res, port;
- oid = get_kb_item("HostDetails/NVT");
- if (isnull(oid)) {
- return NULL;
- }
+ host_details = get_kb_list("HostDetails/NVT/*");
- candidate_cpe = get_kb_item("HostDetails/NVT/" + oid + "/App");
+ if(!host_details) return NULL;
- if (!eregmatch(pattern:cpe, string:candidate_cpe, icase:TRUE)) {
- return NULL;
- }
+ foreach host_detail (keys(host_details)) {
- res = make_array();
+ if(cpe >< host_detail) {
- res["OID"] = oid;
- res["CPE"] = candidate_cpe;
+ host_values = split(host_detail, sep:"/", keep:FALSE);
- port = get_kb_item("HostDetails/NVT/" + oid + "/port");
+ if(isnull(host_values[2]) || isnull(host_values[4]) || "cpe:" >!< host_values[3]) return NULL;
- if(port) {
- res["port"] = port;
- }
+ res = make_array();
- # Fork if several instances were detected (multiple locations)
- location = get_kb_item("HostDetails/NVT/" + oid + "/" + candidate_cpe);
- res["LOCATION"] = location;
+ res["OID"] = host_values[2];
+ res["CPE"] = 'cpe:/' + host_values[4];
- # Store link between scripts.
- register_host_detail(name:"detected_by", value:oid, nvt:nvt);
- register_host_detail(name:"detected_at", value:location, nvt:nvt);
+ port = get_kb_item("HostDetails/NVT/" + res["OID"] + "/port"); # this could fork
- return res;
+ if(port) {
+ res["port"] = port;
+ }
+
+ location = get_kb_item("HostDetails/NVT/" + res["OID"] + "/" + res["CPE"]); # this could fork
+ res["LOCATION"] = location;
+
+ # Store link between scripts.
+ register_host_detail(name:"detected_by", value:res["OID"], nvt:nvt);
+ register_host_detail(name:"detected_at", value:location, nvt:nvt);
+
+ return res;
+
+ }
+ }
+
+ return NULL;
}
function get_app_version(cpe, nvt, port) {
@@ -448,7 +453,7 @@
if(!version) version = 'unknown';
- report = 'Detected "' + app + '" version: ' + version +
+ report = 'Detected ' + app + ' version: ' + version +
'\nLocation: ' + install;
if(strlen(cpe) > 0) {
More information about the Openvas-commits
mailing list