'[Plugins-writers] Talentsoft webplus reveals path'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       nessus-plugins-writers
Subject:    [Plugins-writers] Talentsoft webplus reveals path
From:       dave () norootsquash ! net
Date:       2004-02-23 8:53:38
Message-ID: 20040223085338.GA28868 () squash
[Download RAW message or body]

plugin attached.

-dave



["webplus_install_path.nasl" (text/plain)]

#
# This script was written by David Kyger <david_kyger@symantec.com>
#
# See the Nessus Scripts License for details
#

if(description)
{
  script_id();
  script_version ("$Revision: 1.0 $");
# script_bugtraq_id();
# script_cve_id("");

 name["english"] = "Talentsoft Web+ reveals install path";
 script_name(english:name["english"]);

 desc["english"] = "
The Talentsoft Web+ application server will reveal the physical path of the \
application when it receives a script file error.

Example: http://<host>/cgi-bin/webplus.exe?script=

Risk Factor : Low";

 script_description(english:desc["english"]);

 summary["english"] = "Checks for Webplus install path disclosure";

 script_summary(english:summary["english"]);

 script_category(ACT_GATHER_INFO);

 script_copyright(english:"This script is Copyright (C) 2004 David Kyger");
 family["english"] = "CGI abuses";
 script_family(english:family["english"]);
 script_dependencie("find_service.nes", "http_version.nasl");
 script_require_ports("Services/www", 80);
 exit(0);
}

#
# The script code starts here
#
include("http_func.inc");
include("http_keepalive.inc");

warning = string("
The Talentsoft Web+ application server is revealing the physical path of the \
application when it receives a script file error.

The webplus install path follows:");

url = "/cgi-bin/webplus.exe?script=";

port = get_kb_item("Services/www");
if (!port) port = 80;

if(get_port_state(port))
 {
  soc = http_open_socket(port);
  if (soc)
  {
    req = http_get(item:url, port:port);
    send(socket:soc, data:req);
    buf = http_recv(socket:soc);
    http_close_socket(soc);
    if ("Web+ Error Message" >< buf)
    {
    path = strstr(buf, " '");
    path = ereg_replace(pattern:" and.*$", replace:"",string:path);
    warning = warning + string("\n", path) + "

Solution : Apply the vendor supplied patch and specify a redirect URL.
See Also: http://www.talentsoft.com/Issues/IssueDetail.wml?ID=WP197
Risk factor : Low";
     security_warning(port:port, data:warning);
    }
  }
 }



[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic