home *** CD-ROM | disk | FTP | other *** search

---

/ Chip 2007 January, February, March & April / Chip-Cover-CD-2007-02.iso / Pakiet bezpieczenstwa / mini Pentoo LiveCD 2006.1 / mpentoo-2006.1.iso / modules / nessus-2.2.8.mo / usr / lib / nessus / plugins / dangerous_cgis.nasl

< prev

next >

Wrap

Text File  |  2005-03-31  |  6KB  |  146 lines

---

1. #
2. # This script was written by John Lampe...j_lampe@bellsouth.net 
3. # Some entries were added by David Maciejak <david dot maciejak at kyxar dot fr>
4. #
5. # See the Nessus Scripts License for details
6. #
7. # Also covers :
8. # "CAN-1999-1374","CAN-2001-1283","CAN-2001-0076","CVE-2002-0710","CVE-2001-1100","CAN-2002-0346","CAN-2001-0133","CAN-2001-0022","CAN-2001-0420","CAN-2002-0203","CAN-2001-1343"
9. # "CAN-2002-0917","CAN-2003-0153","CAN-2003-0153","CAN-2000-0423","CAN-1999-1377","CAN-2001-1196","CAN-2002-1526","CAN-2001-0023","CAN-2002-0263","CAN-2002-0263","CAN-2002-0611",
10. # "CAN-2002-0230","CVE-2000-1131","CAN-2000-0288","CVE-2000-0952","CAN-2001-0180","CAN-2002-1334","CAN-2001-1205","CVE-2000-0977","CAN-2000-0526","CVE-2001-1100","CAN-2000-1023"
11. # ,"CVE-1999-0937","CVE-2001-0099","CVE-2001-0100","CAN-2001-1212","CVE-2000-1132","CVE-1999-0934","CVE-1999-0935"
12.  
13. if(description)
14. {
15.  script_id(11748);
16.  script_bugtraq_id(1784, 2177, 2197, 4211, 4579, 5078);
17.  script_version ("$Revision: 1.10 $");
18.  script_cve_id("CAN-1999-1072","CAN-2002-0749","CAN-2001-0135","CAN-2002-0955","CAN-2001-0562",
19.          "CAN-2002-0346","CVE-2000-0923","CVE-2001-0123");
20.  
21.  
22.  name["english"] = "Various dangerous cgi scripts ";
23.  script_name(english:name["english"]);
24.  
25.  desc["english"] = "
26. Some of the following dangerous CGIs were found.
27.  
28. Solution : Please take the time to visit http://cve.mitre.org and check the 
29. associated CVE ID for each cgi found.  If you are running a vulnerable 
30. version, then delete or upgrade the CGI. 
31.  
32. Risk factor : High";
33.  
34.  
35.  script_description(english:desc["english"]);
36.  
37.  summary["english"] = "Checks for dangerous cgi scripts";
38.  
39.  script_summary(english:summary["english"]);
40.  
41.  script_category(ACT_ATTACK); 
42.  
43.  
44.  script_copyright(english:"This script is Copyright (C) 2003 John Lampe",
45.         francais:"Ce script est Copyright (C) 2003 John Lampe");
46.  family["english"] = "CGI abuses";
47.  family["francais"] = "Abus de CGI";
48.  script_family(english:family["english"], francais:family["francais"]);
49.  script_dependencie("find_service.nes", "http_version.nasl");
50.  script_require_ports("Services/www", 80);
51.  exit(0);
52. }
53.  
54. #
55. # The script code starts here
56. #
57.  
58. include("http_func.inc");
59. include("http_keepalive.inc");
60.  
61. port = get_http_port(default:80);
62. if ( get_kb_item("www/no404/" + port ) ) exit(0);
63.  
64. if(!get_port_state(port))exit(0);
65. cgi[0] = "AT-admin.cgi";     cve[0] = "CAN-1999-1072";
66. cgi[1] = "CSMailto.cgi";     cve[1] = "CAN-2002-0749";
67. cgi[2] = "UltraBoard.cgi";   cve[2] = "CAN-2001-0135";
68. cgi[3] = "UltraBoard.pl";    cve[3] = cve[2];
69. cgi[4] = "YaBB.cgi";         cve[4] = "CAN-2002-0955";
70. cgi[5] = "a1disp4.cgi";      cve[5] = "CAN-2001-0562";
71. cgi[6] = "alert.cgi";        cve[6] = "CAN-2002-0346";
72. cgi[7] = "authenticate.cgi"; cve[7] = "CVE-2000-0923";
73. cgi[8] = "bbs_forum.cgi";    cve[8] = "CVE-2001-0123";
74. cgi[9] = "bnbform.cgi";      cve[9] = "CVE-1999-0937";
75. cgi[10] = "bsguest.cgi";     cve[10] = "CVE-2001-0099";
76. cgi[11] = "bslist.cgi";      cve[11] = "CVE-2001-0100";
77. cgi[12] = "catgy.cgi";       cve[12] = "CAN-2001-1212";
78. cgi[13] = "cgforum.cgi";     cve[13] = "CVE-2000-1132";
79. cgi[14] = "classifieds.cgi"; cve[14] = "CVE-1999-0934";
80. cgi[15] = "csPassword.cgi";  cve[15] = "CAN-2002-0917";
81. cgi[16] = "cvsview2.cgi"  ;  cve[16] = "CAN-2003-0153";    
82. cgi[17] = "cvslog.cgi";      cve[17] = cve[16];
83. cgi[18] = "multidiff.cgi";   cve[18] = "CAN-2003-0153";
84. cgi[19]    = "dnewsweb.cgi";    cve[19] = "CAN-2000-0423";
85. cgi[20] = "download.cgi";    cve[20] = "CAN-1999-1377";
86. cgi[21] = "edit_action.cgi"; cve[21] = "CAN-2001-1196";
87. cgi[22] = "emumail.cgi";     cve[22] = "CAN-2002-1526";
88. cgi[23] = "everythingform.cgi"; cve[23] = "CAN-2001-0023";
89. cgi[24] = "ezadmin.cgi";     cve[24] = "CAN-2002-0263";
90. cgi[25] = "ezboard.cgi";     cve[25] = "CAN-2002-0263";
91. cgi[26] = "ezman.cgi";       cve[26] = cve[25];
92. cgi[27] = "ezadmin.cgi";     cve[27] = cve[25];
93. cgi[28] = "FileSeek.cgi";    cve[28] = "CAN-2002-0611";
94. cgi[29] = "fom.cgi";         cve[29] = "CAN-2002-0230";
95. cgi[30] = "gbook.cgi";         cve[30] = "CVE-2000-1131";
96. cgi[31] = "getdoc.cgi";         cve[31] = "CAN-2000-0288";
97. cgi[32] = "global.cgi";         cve[32] = "CVE-2000-0952";
98. cgi[33] = "guestserver.cgi"; cve[33] = "CAN-2001-0180";
99. cgi[34] = "imageFolio.cgi";  cve[34] = "CAN-2002-1334";
100. cgi[35] = "lastlines.cgi";   cve[35] = "CAN-2001-1205";
101. cgi[36] = "mailfile.cgi";    cve[36] = "CVE-2000-0977";
102. cgi[37] = "mailview.cgi";    cve[37] = "CAN-2000-0526";
103. cgi[38] = "sendmessage.cgi"; cve[38] = "CVE-2001-1100";
104. cgi[39] = "nsManager.cgi";   cve[39] = "CAN-2000-1023";
105. cgi[40] = "perlshop.cgi";    cve[40] = "CAN-1999-1374";
106. cgi[41] = "readmail.cgi";    cve[41] = "CAN-2001-1283";
107. cgi[42] = "printmail.cgi";   cve[42] = cve[41];
108. cgi[43] = "register.cgi";    cve[43] = "CAN-2001-0076";
109. cgi[44] = "sendform.cgi";    cve[44] = "CVE-2002-0710";
110. cgi[45] = "sendmessage.cgi"; cve[45] = "CVE-2001-1100";
111. cgi[46] = "service.cgi";     cve[46] = "CAN-2002-0346";
112. cgi[47] = "setpasswd.cgi";   cve[47] = "CAN-2001-0133";
113. cgi[48] = "simplestmail.cgi"; cve[48] = "CAN-2001-0022";
114. cgi[49] = "simplestguest.cgi"; cve[49] = cve[48];
115. cgi[50] = "talkback.cgi";    cve[50] = "CAN-2001-0420";
116. cgi[51] = "ttawebtop.cgi";   cve[51] = "CAN-2002-0203";
117. cgi[52] = "ws_mail.cgi";     cve[52] = "CAN-2001-1343";
118. cgi[53] = "survey.cgi";      cve[53] = "CVE-1999-0936";
119. cgi[54] = "rxgoogle.cgi";    cve[54] = "CAN-2004-0251";
120. cgi[55] = "ShellExample.cgi"; cve[55] = "CAN-2004-0696";
121. cgi[56] = "Web_Store.cgi";   cve[56] = "CAN-2004-0734";
122. cgi[57] = "csFAQ.cgi";      cve[57] = "CAN-2004-0665";
123.  
124. flag = 0;
125. directory = "";
126.  
127. mymsg = string("\n\n", "The following dangerous CGI scripts were found", "\n");
128. mymsg += string("You should manually check each script and associated CVE ID at cve.mitre.org", "\n\n");
129.  
130. for (i = 0 ; cgi[i]; i = i + 1) {
131.     foreach dir (cgi_dirs()) {
132.            if(is_cgi_installed_ka(item:string(dir, "/", cgi[i]), port:port)) {
133.               flag = 1;
134.             mymsg = mymsg + string (dir, "/", cgi[i], " (", cve[i], ")\n");
135.            } 
136.     }
137. } 
138.  
139.  
140. if (flag) {
141.     mymsg += string("\nSolution : Please take the time to visit cve.mitre.org and check the\n");
142.     mymsg += string("associated CVE ID for each cgi found.  If you are running a vulnerable\n");
143.     mymsg += string("version, then delete or upgrade the cgi.\n\n");
144.     security_hole(port:port, data:mymsg); 
145.     }
146.