home *** CD-ROM | disk | FTP | other *** search
/ Chip 2007 January, February, March & April / Chip-Cover-CD-2007-02.iso / Pakiet bezpieczenstwa / mini Pentoo LiveCD 2006.1 / mpentoo-2006.1.iso / modules / nessus-2.2.8.mo / usr / lib / nessus / plugins / dangerous_cgis.nasl < prev    next >
Encoding:
Text File  |  2005-03-31  |  6.1 KB  |  146 lines
  1. #
  2. # This script was written by John Lampe...j_lampe@bellsouth.net 
  3. # Some entries were added by David Maciejak <david dot maciejak at kyxar dot fr>
  4. #
  5. # See the Nessus Scripts License for details
  6. #
  7. # Also covers :
  8. # "CAN-1999-1374","CAN-2001-1283","CAN-2001-0076","CVE-2002-0710","CVE-2001-1100","CAN-2002-0346","CAN-2001-0133","CAN-2001-0022","CAN-2001-0420","CAN-2002-0203","CAN-2001-1343"
  9. # "CAN-2002-0917","CAN-2003-0153","CAN-2003-0153","CAN-2000-0423","CAN-1999-1377","CAN-2001-1196","CAN-2002-1526","CAN-2001-0023","CAN-2002-0263","CAN-2002-0263","CAN-2002-0611",
  10. # "CAN-2002-0230","CVE-2000-1131","CAN-2000-0288","CVE-2000-0952","CAN-2001-0180","CAN-2002-1334","CAN-2001-1205","CVE-2000-0977","CAN-2000-0526","CVE-2001-1100","CAN-2000-1023"
  11. # ,"CVE-1999-0937","CVE-2001-0099","CVE-2001-0100","CAN-2001-1212","CVE-2000-1132","CVE-1999-0934","CVE-1999-0935"
  12.  
  13. if(description)
  14. {
  15.  script_id(11748);
  16.  script_bugtraq_id(1784, 2177, 2197, 4211, 4579, 5078);
  17.  script_version ("$Revision: 1.10 $");
  18.  script_cve_id("CAN-1999-1072","CAN-2002-0749","CAN-2001-0135","CAN-2002-0955","CAN-2001-0562",
  19.          "CAN-2002-0346","CVE-2000-0923","CVE-2001-0123");
  20.  
  21.  
  22.  name["english"] = "Various dangerous cgi scripts ";
  23.  script_name(english:name["english"]);
  24.  
  25.  desc["english"] = "
  26. Some of the following dangerous CGIs were found.
  27.  
  28. Solution : Please take the time to visit http://cve.mitre.org and check the 
  29. associated CVE ID for each cgi found.  If you are running a vulnerable 
  30. version, then delete or upgrade the CGI. 
  31.  
  32. Risk factor : High";
  33.  
  34.  
  35.  script_description(english:desc["english"]);
  36.  
  37.  summary["english"] = "Checks for dangerous cgi scripts";
  38.  
  39.  script_summary(english:summary["english"]);
  40.  
  41.  script_category(ACT_ATTACK); 
  42.  
  43.  
  44.  script_copyright(english:"This script is Copyright (C) 2003 John Lampe",
  45.         francais:"Ce script est Copyright (C) 2003 John Lampe");
  46.  family["english"] = "CGI abuses";
  47.  family["francais"] = "Abus de CGI";
  48.  script_family(english:family["english"], francais:family["francais"]);
  49.  script_dependencie("find_service.nes", "http_version.nasl");
  50.  script_require_ports("Services/www", 80);
  51.  exit(0);
  52. }
  53.  
  54. #
  55. # The script code starts here
  56. #
  57.  
  58. include("http_func.inc");
  59. include("http_keepalive.inc");
  60.  
  61. port = get_http_port(default:80);
  62. if ( get_kb_item("www/no404/" + port ) ) exit(0);
  63.  
  64. if(!get_port_state(port))exit(0);
  65. cgi[0] = "AT-admin.cgi";     cve[0] = "CAN-1999-1072";
  66. cgi[1] = "CSMailto.cgi";     cve[1] = "CAN-2002-0749";
  67. cgi[2] = "UltraBoard.cgi";   cve[2] = "CAN-2001-0135";
  68. cgi[3] = "UltraBoard.pl";    cve[3] = cve[2];
  69. cgi[4] = "YaBB.cgi";         cve[4] = "CAN-2002-0955";
  70. cgi[5] = "a1disp4.cgi";      cve[5] = "CAN-2001-0562";
  71. cgi[6] = "alert.cgi";        cve[6] = "CAN-2002-0346";
  72. cgi[7] = "authenticate.cgi"; cve[7] = "CVE-2000-0923";
  73. cgi[8] = "bbs_forum.cgi";    cve[8] = "CVE-2001-0123";
  74. cgi[9] = "bnbform.cgi";      cve[9] = "CVE-1999-0937";
  75. cgi[10] = "bsguest.cgi";     cve[10] = "CVE-2001-0099";
  76. cgi[11] = "bslist.cgi";      cve[11] = "CVE-2001-0100";
  77. cgi[12] = "catgy.cgi";       cve[12] = "CAN-2001-1212";
  78. cgi[13] = "cgforum.cgi";     cve[13] = "CVE-2000-1132";
  79. cgi[14] = "classifieds.cgi"; cve[14] = "CVE-1999-0934";
  80. cgi[15] = "csPassword.cgi";  cve[15] = "CAN-2002-0917";
  81. cgi[16] = "cvsview2.cgi"  ;  cve[16] = "CAN-2003-0153";    
  82. cgi[17] = "cvslog.cgi";      cve[17] = cve[16];
  83. cgi[18] = "multidiff.cgi";   cve[18] = "CAN-2003-0153";
  84. cgi[19]    = "dnewsweb.cgi";    cve[19] = "CAN-2000-0423";
  85. cgi[20] = "download.cgi";    cve[20] = "CAN-1999-1377";
  86. cgi[21] = "edit_action.cgi"; cve[21] = "CAN-2001-1196";
  87. cgi[22] = "emumail.cgi";     cve[22] = "CAN-2002-1526";
  88. cgi[23] = "everythingform.cgi"; cve[23] = "CAN-2001-0023";
  89. cgi[24] = "ezadmin.cgi";     cve[24] = "CAN-2002-0263";
  90. cgi[25] = "ezboard.cgi";     cve[25] = "CAN-2002-0263";
  91. cgi[26] = "ezman.cgi";       cve[26] = cve[25];
  92. cgi[27] = "ezadmin.cgi";     cve[27] = cve[25];
  93. cgi[28] = "FileSeek.cgi";    cve[28] = "CAN-2002-0611";
  94. cgi[29] = "fom.cgi";         cve[29] = "CAN-2002-0230";
  95. cgi[30] = "gbook.cgi";         cve[30] = "CVE-2000-1131";
  96. cgi[31] = "getdoc.cgi";         cve[31] = "CAN-2000-0288";
  97. cgi[32] = "global.cgi";         cve[32] = "CVE-2000-0952";
  98. cgi[33] = "guestserver.cgi"; cve[33] = "CAN-2001-0180";
  99. cgi[34] = "imageFolio.cgi";  cve[34] = "CAN-2002-1334";
  100. cgi[35] = "lastlines.cgi";   cve[35] = "CAN-2001-1205";
  101. cgi[36] = "mailfile.cgi";    cve[36] = "CVE-2000-0977";
  102. cgi[37] = "mailview.cgi";    cve[37] = "CAN-2000-0526";
  103. cgi[38] = "sendmessage.cgi"; cve[38] = "CVE-2001-1100";
  104. cgi[39] = "nsManager.cgi";   cve[39] = "CAN-2000-1023";
  105. cgi[40] = "perlshop.cgi";    cve[40] = "CAN-1999-1374";
  106. cgi[41] = "readmail.cgi";    cve[41] = "CAN-2001-1283";
  107. cgi[42] = "printmail.cgi";   cve[42] = cve[41];
  108. cgi[43] = "register.cgi";    cve[43] = "CAN-2001-0076";
  109. cgi[44] = "sendform.cgi";    cve[44] = "CVE-2002-0710";
  110. cgi[45] = "sendmessage.cgi"; cve[45] = "CVE-2001-1100";
  111. cgi[46] = "service.cgi";     cve[46] = "CAN-2002-0346";
  112. cgi[47] = "setpasswd.cgi";   cve[47] = "CAN-2001-0133";
  113. cgi[48] = "simplestmail.cgi"; cve[48] = "CAN-2001-0022";
  114. cgi[49] = "simplestguest.cgi"; cve[49] = cve[48];
  115. cgi[50] = "talkback.cgi";    cve[50] = "CAN-2001-0420";
  116. cgi[51] = "ttawebtop.cgi";   cve[51] = "CAN-2002-0203";
  117. cgi[52] = "ws_mail.cgi";     cve[52] = "CAN-2001-1343";
  118. cgi[53] = "survey.cgi";      cve[53] = "CVE-1999-0936";
  119. cgi[54] = "rxgoogle.cgi";    cve[54] = "CAN-2004-0251";
  120. cgi[55] = "ShellExample.cgi"; cve[55] = "CAN-2004-0696";
  121. cgi[56] = "Web_Store.cgi";   cve[56] = "CAN-2004-0734";
  122. cgi[57] = "csFAQ.cgi";      cve[57] = "CAN-2004-0665";
  123.  
  124. flag = 0;
  125. directory = "";
  126.  
  127. mymsg = string("\n\n", "The following dangerous CGI scripts were found", "\n");
  128. mymsg += string("You should manually check each script and associated CVE ID at cve.mitre.org", "\n\n");
  129.  
  130. for (i = 0 ; cgi[i]; i = i + 1) {
  131.     foreach dir (cgi_dirs()) {
  132.            if(is_cgi_installed_ka(item:string(dir, "/", cgi[i]), port:port)) {
  133.               flag = 1;
  134.             mymsg = mymsg + string (dir, "/", cgi[i], " (", cve[i], ")\n");
  135.            } 
  136.     }
  138.  
  139.  
  140. if (flag) {
  141.     mymsg += string("\nSolution : Please take the time to visit cve.mitre.org and check the\n");
  142.     mymsg += string("associated CVE ID for each cgi found.  If you are running a vulnerable\n");
  143.     mymsg += string("version, then delete or upgrade the cgi.\n\n");
  144.     security_hole(port:port, data:mymsg); 
  145.     }
  146.