Chip 2007 January, February, March & April

home *** CD-ROM | disk | FTP | other *** search

/ Chip 2007 January, February, March & April / Chip-Cover-CD-2007-02.iso / Pakiet bezpieczenstwa / mini Pentoo LiveCD 2006.1 / mpentoo-2006.1.iso / modules / nessus-2.2.8.mo / usr / lib / nessus / plugins / iis_scripts.nasl < prev next >

Wrap

Text File | 2005-01-14 | 2KB | 94 lines

# # This script was written by Renaud Deraison <deraison@cvs.nessus.org> # # # See the Nessus Scripts License for details # if(description) { script_id(10121); script_version ("$Revision: 1.16 $"); name["english"] = "/scripts directory browsable"; name["francais"] = "Dossier /scripts listable"; script_name(english:name["english"], francais:name["francais"]); # Description desc["english"] = "The /scripts directory is browsable. This gives an attacker valuable information about which default scripts you have installed and also whether there are any custom scripts present which may have vulnerabilities. Solution : Disable directory browsing using the IIS MMC. Risk factor : Medium"; desc["francais"] = "Le rΘpertoire /scripts est listable. Cela permet α un pirate de chercher plus facilement et plus efficacement des scripts potentiellements vulnΘrables, et de dΘcouvrir vos scripts maisons qui peuvent avoir des problΦmes de sΘcuritΘ. Solution : dΘsactivez l'option de dossiers listables dans IIS. Facteur de risque : Moyen"; script_description(english:desc["english"], francais:desc["francais"]); # Summary summary["english"] = "Is /scripts/ listable ?"; summary["francais"] = "/scripts/ est-il listable ?"; script_summary(english:summary["english"], francais:summary["francais"]); # Category script_category(ACT_GATHER_INFO); # Dependencie(s) script_dependencie("find_service.nes", "http_version.nasl", "www_fingerprinting_hmap.nasl"); # Family family["english"] = "CGI abuses"; family["francais"] = "Abus de CGI"; script_family(english:family["english"], francais:family["francais"]); # Copyright script_copyright(english:"This script is Copyright (C) 1999 Renaud Deraison", francais:"Ce script est Copyright (C) 1999 Renaud Deraison"); script_require_ports("Services/www", 80); exit(0); } # The attack starts here include("http_func.inc"); port = get_http_port(default:80); sig = get_kb_item("www/hmap/" + port + "/description"); if ( sig && "IIS" >!< sig ) exit(0); if(get_port_state(port)) { data = http_get(item:"/scripts", port:port); soc = http_open_socket(port); if(soc) { send(socket:soc, data:data); code = recv_line(socket:soc, length:1024); buf = http_recv(socket:soc); buf = tolower(buf); must_see = "<title>/scripts"; if((" 200 " >< code)&&(must_see >< buf))security_warning(port); http_close_socket(soc); } }