home *** CD-ROM | disk | FTP | other *** search
/ Chip 2007 January, February, March & April / Chip-Cover-CD-2007-02.iso / Pakiet bezpieczenstwa / mini Pentoo LiveCD 2006.1 / mpentoo-2006.1.iso / modules / nessus-2.2.8.mo / usr / lib / nessus / plugins / keene_xss.nasl < prev    next >
Text File  |  2005-03-31  |  3KB  |  91 lines
  1. #
  2. # This script was written by David Maciejak <david dot maciejak at kyxar dot fr>
  4. # Ref: Dr_insane
  5. #
  6. # This script is released under the GNU GPL v2
  7.  
  8. if(description)
  9. {
  10.   script_id(14681);
  11.   script_bugtraq_id(11111);
  12.   if ( defined_func("script_xref") ) 
  13.   {
  14.     script_xref(name:"OSVDB", value:9514);
  15.     script_xref(name:"OSVDB", value:9515);
  16.     script_xref(name:"OSVDB", value:9516);
  17.   }
  18.   script_version("$Revision: 1.4 $");
  19.   
  20.   script_name(english:"Keene digital media server XSS");
  21.  
  22.  
  23.  desc["english"] = "
  24. The remote host runs Keene digital media server, a webserver
  25. used to share digital information.
  26.  
  27.  
  28. This version is vulnerable to multiple cross-site scripting attacks which
  29. may allow an attacker to steal the cookies of users of this site.
  30.  
  31. Solution: Upgrade to the latest version of this software
  32. Risk factor : Medium";
  33.  
  34.   script_description(english:desc["english"]);
  35.   script_summary(english:"Checks XSS in Keene server");
  36.   script_category(ACT_GATHER_INFO);
  37.   script_copyright(english:"This script is Copyright (C) 2004 David Maciejak");
  38.   script_family(english:"CGI abuses : XSS");
  39.   script_require_ports("Services/www", 80);
  40.   script_dependencie("http_version.nasl", "cross_site_scripting.nasl");
  41.   exit(0);
  42. }
  43.  
  44. include("http_func.inc");
  45. include("http_keepalive.inc");
  46.  
  47. port = get_http_port(default:80);
  48. if(!get_port_state(port))exit(0);
  49. if ( get_kb_item("www/" + port + "/generic_xss") ) exit(0);
  50.  
  51. buf = http_get(item:"/dms/slideshow.kspx?source=<script>foo</script>", port:port);
  52. r = http_keepalive_send_recv(port:port, data:buf, bodyonly:1);
  53. if( r == NULL )exit(0);
  54.  if(egrep(pattern:"<script>foo</script>", string:r))
  55.   {
  56.      security_warning(port);
  57.     exit(0);
  58.   }
  59. buf = http_get(item:"/dms/dlasx.kspx?shidx=<script>foo</script>", port:port);
  60. r = http_keepalive_send_recv(port:port, data:buf, bodyonly:1);
  61. if( r == NULL )exit(0);
  62.   if(egrep(pattern:"<script>foo</script>", string:r))
  63.   {
  64.      security_warning(port);
  65.     exit(0);
  66.   }
  67. buf = http_get(item:"/igen/?pg=dlasx.kspx&shidx=<script>foo</script>", port:port);
  68.  r = http_keepalive_send_recv(port:port, data:buf, bodyonly:1);
  69. if( r == NULL )exit(0);
  70. if(egrep(pattern:"<script>foo</script>", string:r))
  71.   {
  72.      security_warning(port);
  73.     exit(0);
  74.   }
  75. buf = http_get(item:"/dms/mediashowplay.kspx?pic=<script>foo</script>&idx=0", port:port);
  76.  r = http_keepalive_send_recv(port:port, data:buf, bodyonly:1);
  77. if( r == NULL )exit(0);
  78.  if(egrep(pattern:"<script>foo</script>", string:r))
  79.   {
  80.      security_warning(port);
  81.     exit(0);
  82.   }
  83. buf = http_get(item:"/dms/mediashowplay.kspx?pic=0&idx=<script>foo</script>", port:port);
  84. r = http_keepalive_send_recv(port:port, data:buf, bodyonly:1);
  85. if( r == NULL )exit(0);
  86. if(egrep(pattern:"<script>foo</script>", string:r))
  87.   {
  88.      security_warning(port);
  89.     exit(0);
  90.   }
  91.