'[Openvas-commits] r3222 - in trunk/openvas-plugins: . scripts'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openvas-cvs
Subject:    [Openvas-commits] r3222 - in trunk/openvas-plugins: . scripts
From:       scm-commit () wald ! intevation ! org
Date:       2009-04-30 21:11:19
Message-ID: 20090430211119.AD9734089F () pyrosoma ! intevation ! org
[Download RAW message or body]

Author: edjenguele
Date: 2009-04-30 23:11:17 +0200 (Thu, 30 Apr 2009)
New Revision: 3222

Added:
   trunk/openvas-plugins/scripts/remote-detect-Leap_CMS.nasl
Modified:
   trunk/openvas-plugins/ChangeLog
Log:
Added Leap CMS service detection,
This software is affected by multiple sql injection vulnerabilities
TODO:
* sql injection vulnerability check (working on)


Modified: trunk/openvas-plugins/ChangeLog
===================================================================

--- trunk/openvas-plugins/ChangeLog	2009-04-30 10:13:28 UTC (rev 3221)
+++ trunk/openvas-plugins/ChangeLog	2009-04-30 21:11:17 UTC (rev 3222)
@@ -1,3 +1,7 @@
+2009-04-30 Christian Eric Edjenguele <christian.edjenguele@owasp.org>
+	* scripts/remote-detect-Leap_CMS.nasl:
+	New script
+
 2009-04-30 Chandrashekhar B <bchandra@secpod.com>
 	* extra/lsc_generator/LSCGenerator.py,
 	extra/lsc_generator/test/sanity_test.py,

Added: trunk/openvas-plugins/scripts/remote-detect-Leap_CMS.nasl
===================================================================
--- trunk/openvas-plugins/scripts/remote-detect-Leap_CMS.nasl	2009-04-30 10:13:28 UTC \
                (rev 3221)
+++ trunk/openvas-plugins/scripts/remote-detect-Leap_CMS.nasl	2009-04-30 21:11:17 UTC \
(rev 3222) @@ -0,0 +1,99 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: This script ensure that the Leap CMS is installed and running
+#
+# remote-detect-Leap_CMS.nasl
+#
+# Author:
+# Christian Eric Edjenguele <christian.edjenguele@owasp.org>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 and later,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+
+
+if(description)
+{
+script_id(101025);
+name["english"] = "Leap CMS service detection";
+script_name(english:name["english"]);
+ 
+desc["english"] = "
+The remote host is running the Leap CMS. 
+Leap is a single file, template independant, PHP and MySQL Content Management \
System. +
+Solution :
+It's recommended to allow connection to this host only from trusted hosts or \
networks, +or disable the service if not used.
+
+Risk factor : None";
+
+script_description(english:desc["english"]); 
+
+summary["english"] = "Detect a running Leap CMS";
+
+script_summary(english:summary["english"]);
+
+script_category(ACT_GATHER_INFO);
+
+script_copyright(english:"This script is Written by Christian Eric Edjenguele \
<christian.edjenguele@owasp.org> and released under GPL v2 or later"); \
+family["english"] = "Service detection"; +script_family(english:family["english"]);
+script_dependencies("find_service.nes");
+script_require_ports("Services/www", 80, 8080);
+
+
+exit(0);
+
+}
+
+#
+# The script code starts here
+#
+
+include("misc_func.inc");
+include("http_func.inc");
+include("http_keepalive.inc");
+
+
+port = get_http_port(default:80);
+report = '';
+
+request = string("GET /leap/", " HTTP/1.1\r\n","Host: ", get_host_name(), \
"\r\n\r\n"); +
+response = http_send_recv(port:port, data:request);
+
+
+if(response){
+
+	server = eregmatch(pattern:"Server: ([a-zA-Z]+)/([0-9.]+)",string:response);
+	vendor = eregmatch(pattern:'Powered by <a \
href="http://leap.gowondesigns.com/">Leap</a> ([0-9.]+)',string:response, \
icase:TRUE); +	
+	if(vendor){
+		
+		report += "\n Detected Leap CMS Version: " + vendor[1];
+		set_kb_item(name:"LeapCMS/installed", value:TRUE);
+		set_kb_item(name:"LeapCMS/port", value:port);
+		set_kb_item(name:"LeapCMS/version", value:vendor[1]);
+	}
+
+	if(server){
+		
+		set_kb_item(name:"LeapServer/type", value:server[1]);
+		set_kb_item(name:"LeapServer/version", value:server[2]);
+		report += " on " + server[0];
+		}
+}
+if(report)
+	security_note(port:port, data:report);

_______________________________________________
Openvas-commits mailing list
Openvas-commits@wald.intevation.org
http://lists.wald.intevation.org/mailman/listinfo/openvas-commits


[prev in list] [next in list] [prev in thread] [next in thread] 
