
List:       openvas-cvs
Subject:    [Openvas-commits] r3196 - in trunk/openvas-plugins: . scripts
From:       scm-commit () wald ! intevation ! org
Date:       2009-04-25 19:03:36
Message-ID: 20090425190336.283F31C095 () pyrosoma ! intevation ! org

Author: edjenguele
Date: 2009-04-25 21:03:34 +0200 (Sat, 25 Apr 2009)
New Revision: 3196

Added:
   trunk/openvas-plugins/scripts/remote-ApacheOfbiz-defaultPwd.nasl
Modified:
   trunk/openvas-plugins/ChangeLog
Log:
Added Apache OFBiz default administrator username and password vulnerability check


Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog	2009-04-24 19:45:26 UTC (rev 3195)
+++ trunk/openvas-plugins/ChangeLog	2009-04-25 19:03:34 UTC (rev 3196)
@@ -1,11 +1,14 @@
 2009-04-24 Christian Eric Edjenguele <christian.edjenguele@owasp.org>
+	* scripts/remote-ApacheOfbiz-defaultPwd.nasl:
+	Added new script
+
+2009-04-24 Christian Eric Edjenguele <christian.edjenguele@owasp.org>
 	* scripts/remote-ApacheOfbiz-htmlInjection.nasl,
 	* scripts/remote-detect-ApacheOfbiz.nasl,
 	* scripts/remote-Opentaps-htmlIjection.nasl:
 	Added new script remote-Opentaps-htmlIjection.nasl
 	Modified ofbiz scripts
 	
-
 2009-04-24 Michael Meyer <mime@gmx.de>
 	* scripts/dokeos_34633.nasl,
 	scripts/notftp_detect.nasl,

Added: trunk/openvas-plugins/scripts/remote-ApacheOfbiz-defaultPwd.nasl
===================================================================
--- trunk/openvas-plugins/scripts/remote-ApacheOfbiz-defaultPwd.nasl	2009-04-24 \
                19:45:26 UTC (rev 3195)
+++ trunk/openvas-plugins/scripts/remote-ApacheOfbiz-defaultPwd.nasl	2009-04-25 \
19:03:34 UTC (rev 3196)
@@ -0,0 +1,107 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: 
+# This script the Apache Open For Business (Apache OFBiz) default administrator \
credentials vulnerability
+#
+# remote-detect-ApacheOfbiz.nasl
+#
+# Author:
+# Christian Eric Edjenguele <christian.edjenguele@owasp.org>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 and later,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+
+
+if(description)
+{
+script_id(101023);
+name["english"] = "Apache Open For Business Weak Password security check";
+script_name(english:name["english"]);
+ 
+desc["english"] = "
+The remote host is running the Apache OFBiz with default administrator username and \
password. 
+Apache OFBiz is an Apache Top Level Project. 
+As automation software it comprises a mature suite of enterprise applications that \
integrate 
+and automate many of the business processes of an enterprise.
+
+Impact:
+This allow an attacker to gain administrative access to the remote application
+
+Solution :
+You must change the default settings if you want to run it for production purposes,
+please refer to Apache OFBiz documentation, for further information on how to do \
this 
+
+Risk factor : High";
+
+script_description(english:desc["english"]); 
+
+summary["english"] = "Apache Open For Business (Apache OFBiz) default administrator \
credentials vulnerability";
+
+script_summary(english:summary["english"]);
+
+script_category(ACT_ATTACK);
+
+script_copyright(english:"This script is Written by Christian Eric Edjenguele \
<christian.edjenguele@owasp.org> and released under GPL v2 or later"); \
+family["english"] = "Settings";
+script_family(english:family["english"]);
+script_dependencies("find_service.nes", "remote-detect-ApacheOfbiz.nasl");
+script_require_keys("ApacheOFBiz/port");
+script_require_ports("Services/www");
+
+
+exit(0);
+
+}
+
+#
+# The script code starts here
+#
+
+include("openvas-https.inc");
+include("misc_func.inc");
+include("http_func.inc");
+include("http_keepalive.inc");
+
+
+port = get_kb_item("ApacheOFBiz/port");
+module = 'webtools/control/login';
+report = '';
+host = get_host_name();
+postdata = string("USERNAME=admin&PASSWORD=ofbiz");
+
+if(!port){
+	port = 8443;
+	request = string("POST /", module, " HTTP/1.1\r\n",
+			 "Content-Type: application/x-www-form-urlencoded\r\n", 
+        		 "Content-Length: ", strlen(postdata),"\r\n",
+		 	 "Host: ", get_host_name(), 
+		 	 "\r\n\r\n",
+		 	 postdata);
+
+	reply = https_req_get(port, request);
+
+	if(reply){
+	
+		welcomeMsg = egrep(pattern:"Welcome THE ADMIN.*", string:reply);
+	
+		if(welcomeMsg){
+			report += "Apache OFBiz said: " + welcomeMsg + "You are using Apache OFBiz \
default ADMINISTRATOR username [admin] and pawssord [ofbiz], this can cause security \
problem in production environment";
+		}	
+	}
+}
+
+if(report)
+	security_note(port:port, data:report);
+
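Review bot: The login probe sits inside `if(!port){ ... }`, so it runs only when the `ApacheOFBiz/port` KB item is absent, yet `script_require_keys("ApacheOFBiz/port")` means the plugin is scheduled only when that item is set; as written the check appears never to execute on a host where OFBiz was actually detected. Reduce the fallback to `if(!port) port = 8443;` and move the request and the `egrep` match out of that block so they run against the detected port. The description states "Risk factor : High" but the result is reported through `security_note`, which under-ranks a default-administrator-credential finding in scan results; `security_hole(port:port, data:report);` matches the stated severity. Minor: `host` is assigned but never used, the report string contains the typo "pawssord", and the header comment names remote-detect-ApacheOfbiz.nasl rather than this file.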

_______________________________________________
Openvas-commits mailing list
Openvas-commits@wald.intevation.org
http://lists.wald.intevation.org/mailman/listinfo/openvas-commits

