[Openvas-devel] [Openvas-commits] r4805 -trunk/openvas-plugins/scripts

Chandrashekhar B bchandra at secpod.com
Wed Sep 2 07:38:29 CEST 2009


Hello Christian,

I have added socket functions inside if(soc) which resolves the dump errors.
Before calling the functions such as send(), close(), there should always be
a check soc either,

If(soc) or if(!soc) exit(0)

Also there are few more problems in the plugin,

In ln 114, you are constructing a complete HTTP GET request and then calling
http_get() function, http_get itself will do all these, just need to pass
the URL. In this case http_get() is returning a wrong HTTP request.

Thanks,
Chandra.


-----Original Message-----
From: openvas-devel-bounces at wald.intevation.org
[mailto:openvas-devel-bounces at wald.intevation.org] On Behalf Of Christian
Eric Edjenguele
Sent: Tuesday, September 01, 2009 9:52 PM
To: openvas-devel at wald.intevation.org
Subject: Re: [Openvas-devel] [Openvas-commits] r4805
-trunk/openvas-plugins/scripts

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Chandra, I'm not certain about changes in this code, Jan told me
about some errors, but does identation solves the problem ?

thanks.

scm-commit at wald.intevation.org wrote:
> Author: chandra
> Date: 2009-09-01 12:58:12 +0200 (Tue, 01 Sep 2009)
> New Revision: 4805
> 
> Modified:
>    trunk/openvas-plugins/scripts/remote-MS04-017.nasl
> Log:
> Updated to resolve the issue in dump messages
> 
> Modified: trunk/openvas-plugins/scripts/remote-MS04-017.nasl
> ===================================================================
> --- trunk/openvas-plugins/scripts/remote-MS04-017.nasl	2009-09-01
09:22:54 UTC (rev 4804)
> +++ trunk/openvas-plugins/scripts/remote-MS04-017.nasl	2009-09-01
10:58:12 UTC (rev 4805)
> @@ -108,19 +108,22 @@
>  	foreach page (pages)
>  	{
>  		soc = open_sock_tcp(port);
> -		# build the malicious request
> -		request = page +
'/crystalimagehandler.aspx?dynamicimage=../../../../../../../../../boot.ini'
;
> +                if(soc)
> +                {
> +		  # build the malicious request
> +		  request = page +
'/crystalimagehandler.aspx?dynamicimage=../../../../../../../../../boot.ini'
;
>  		
> -		qry = string('GET ' + request + ' HTTP/1.0\r\n',
> - 			  'Host: ' + h_ip + ':' + port + '\r\n\r\n');
> +		  qry = string('GET ' + request + ' HTTP/1.0\r\n',
> + 		  	       'Host: ' + h_ip + ':' + port + '\r\n\r\n');
>  		
> -		req = http_get(item:qry, port:port);
> -		send(socket:soc, data: req);
> +		  req = http_get(item:qry, port:port);
> +		  send(socket:soc, data: req);
>  
> -		# Get back the response
> -		reply = recv(socket:soc, length:4096);
> +		  # Get back the response
> +		  reply = recv(socket:soc, length:4096);
>  
> -		close(soc);
> +		  close(soc);
> +                }
>  
>  		if(reply)
>  		{
> 
> _______________________________________________
> Openvas-commits mailing list
> Openvas-commits at wald.intevation.org
> http://lists.wald.intevation.org/mailman/listinfo/openvas-commits


- --
Christian Eric Edjenguele
IT Security Engineer
PGP KeyID: 0xB1654498

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJKnUoMAAoJENETScWxZUSYfFgH/jgW7VwvG8fPAcfbI1P8IXwB
XwgrzX2rha7Qqqrceswpkyh+qVwt9X4RTeKQRVlLnKCZBT7pqEXWdAvlYsNdQcEP
wkMYLl/D5BLWyDNAJ/FaEfyq9PXgz/jjg7l0Y8MSy5hF9J5zoL5IQSwIO2RTDqYx
rjVgYHX3h+Vkr08Y6V7hbpVrVQfnvJmaMWx+kis6SUyAdJti6C6Nz4SCRcwn1j7l
yQFQZCU4GfMCYGVwwbuPZZh2n4GVgLEQ4p4kkFCe+K364t+wVSNem5WrFsD68MCS
WEcYt0eq78pCN9TqYNyDU+X4I1lggJQbVRHmE6U+Dh/L0wEu1dUoM3D701C56h4=
=xhPQ
-----END PGP SIGNATURE-----
_______________________________________________
Openvas-devel mailing list
Openvas-devel at wald.intevation.org
http://lists.wald.intevation.org/mailman/listinfo/openvas-devel



More information about the Openvas-devel mailing list