# # written by K-Otik.com # # Siteframe Cross Site Scripting Bugs # # Message-ID: <1642444765.20030319015935@olympos.org> # From: Ertan Kurt # To: # Subject: Some XSS vulns # if (description) { script_id(11448); script_bugtraq_id(7140, 7143); script_version ("$Revision: 1.10 $"); script_name(english:"Siteframe Cross Site Scripting Bugs"); desc["english"] = " Siteframe 2.2.4 has a cross site scripting bug. An attacker may use it to perform a cross site scripting attack on this host. In addition to this, another flaw in this package may allow an attacker to obtain the physical path to the remote web root. Solution : Upgrade to a newer version. Risk factor : Medium"; script_description(english:desc["english"]); script_summary(english:"Determine if Siteframe is vulnerable to xss attack"); script_category(ACT_GATHER_INFO); script_family(english:"CGI abuses", francais:"Abus de CGI"); script_copyright(english:"This script is Copyright (C) 2003 k-otik.com"); script_dependencie("find_service.nes", "http_version.nasl", "cross_site_scripting.nasl"); script_require_ports("Services/www", 80); exit(0); } include("http_func.inc"); include("http_keepalive.inc"); port = get_http_port(default:80); if(!get_port_state(port))exit(0); if(get_kb_item(string("www/", port, "/generic_xss"))) exit(0); if(!can_host_php(port:port))exit(0); foreach d (cgi_dirs()) { url = string(d, "/search.php?searchfor=", raw_string(0x22), ">"); req = http_get(item:url, port:port); buf = http_keepalive_send_recv(port:port, data:req); if( buf == NULL ) exit(0); if(ereg(pattern:"^HTTP/[0-9]\.[0-9] 200 ", string:buf) && "" >< buf) { security_warning(port:port); exit(0); } } ')">Ó¡ÔºÐÂÎÅ¡¿ ¡¾Ñ§Ôº¸Å¿ö¡¿

# # This script was written by Renaud Deraison # # See the Nessus Scripts License for details # if(description) { script_id(10254); script_version ("$Revision: 1.13 $"); script_cve_id("CAN-1999-0231"); name["english"] = "SLMail denial of service"; name["francais"] = "Déni de service contre SLMail"; script_name(english:name["english"], francais:name["francais"]); desc["english"] = "It was possible to perform a denial of service against the remote SMTP server by sending a too long argument to the VRFY command. This problem allows an attacker to bring down your mail system, preventing you from sending and receiving emails. Solution : Update your MTA, or change it. Risk factor : Serious"; desc["francais"] = "Il a été possible de créer un déni de service contre le serveur SMTP distant en envoyant un argument trop long à la commande VRFY. Ce problème permet à un pirate de mettre à genoux votre système de mail, vous empechant ainsi d'envoyer ainsi que de recevoir des messages. Solution : Mettez à jour votre MTA, ou changez-le. Facteur de risque : Sérieux"; script_description(english:desc["english"], francais:desc["francais"]); summary["english"] = "VRFY aaaaa(...)aaa crashes th

# # Copyright 2001 by Noam Rathaus # # See the Nessus Scripts License for details # # if(description) { script_id(10741); #script_cve_id("CVE-MAP-NOMATCH"); script_version ("$Revision: 1.8 $"); name["english"] = "SiteScope Web Administration Server Detection"; script_name(english:name["english"]); desc["english"] = "The remote web server is running the SiteScope Administration web server. This server enables attackers to configure your SiteScope product (Firewall monitoring program) if they gain access to a valid authentication username and password or to gain valid usernames and passwords using a brute force attack. Solution: Disable the SiteScope Administration web server if it is unnecessary, or block incoming traffic to this port. Risk factor : Low"; script_description(english:desc["english"]); summary["english"] = "SiteScope Web Administration Server Detect"; script_summary(english:summary["english"]); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2001 SecuriTeam"); family["english"] = "General"; script_family(english:family["english"]); script_dependencie("find_service.nes"); script_require_ports("Services/www", 2525); exit(0); } # # The script code starts here # include("http_func.inc"); include("misc_func.inc"); ports = add_port_in_list(list:get_kb_list("Services/www"), port:2525); foreach port (ports) { soc = http_open_socket(port); if(soc) { req = http_get(item:"/", port:port); send(socket:soc, data:req); buf = http_recv(socket:soc); #display(buf); if (("401 Unauthorized" >< buf) && ("WWW-Authenticate: BASIC realm=" >< buf) && ("SiteScope Administrator" >< buf)) { security_warning(port:port); } http_close_socket(soc); } } nter">

¡ýÑ§Éú×éÖ¯Ö±Í¨³µ¡ý

¡¡»° ¾ç ÍÅ

¡¡ÎÄ Ñ§ Éç

¡¡¡¶¿çÔ½¡·ÔÓÖ¾Éç

¡¡ÀºÇòÐ»á

¡¡×ãÇòÐ»á

¡¡ÓðÃ«ÇòÐ»á

¡¡µçÉùÀÖ¶Ó

¡¡

¡¶¿çÔ½¡·ÔÓÖ¾Éç

¡¡¡¡¡¶¿çÔ½¡·±¾×Å¡°Á¢×ã´óÑ§¡±µÄ¶¨Î»Ê¹Æä³ÉÎª´óÑ§ÉúµÄÅóÓÑ¡£ÃæÁÙ¶þÊ®Ò»ÊÀ¼ÍÌôÕ½µÄ½ñÌì£¬ÈÃÎÒÃÇ´óÑ§ÉúÍ¨¹ý¡¶¿çÔ½¡·¶ø¡°¿çÔ½¡±Ò»¸öÊÀ¼Í£¬¡°¿çÔ½¡±Ò»¸öÃÀºÃµÄÎ´À´¡£

# # See the Nessus Scripts License for details # if(description) { script_id(10725); script_version ("$Revision: 1.11 $"); script_bugtraq_id(3175); script_cve_id("CAN-2001-1115"); name["english"] = "SIX Webboard's generate.cgi"; script_name(english:name["english"]); desc["english"] = "The CGI 'generate.cgi'from SIX webboard is installed. This CGI has a well known security flaw that lets an attacker read arbitrary files with the privileges of the http daemon (usually root or nobody). Solution : remove it from /cgi-bin Risk factor : Serious"; desc["francais"] = "Le cgi 'generate.cgi' de SIX webboard est installé. Celui-ci possède un problème de sécurité bien connu qui permet à n'importe qui de faire lire des fichiers arbitraires au daemon http, avec les privilèges de celui-ci (root ou nobody). Solution : retirez-le de /cgi-bin. Facteur de risque : Sérieux"; script_description(english:desc["english"], francais:desc["francais"]); summary["english"] = "Checks for the presence of /cgi-bin/webboard/generate.cgi"; summary["francais"] = "Vérifie la présence de /cgi-bin/webboard/generate.cgi"; script_summary(english:summary["english"], francais:summary["francais"]); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2001 Renaud Deraison", francais:"Ce script est Copyright (C) 2001 Renaud Deraison"); family["english"] = "CGI abuses"; family["francais"] = "Abus de CGI"; script_family(english:family["english"], francais:family["francais"]); script_dependencie("find_service.nes", "no404.nasl"); script_require_ports("Services/www", 80); exit(0); } # # The script code starts here # include("http_func.inc"); include("http_keepalive.inc"); port = get_http_port(default:80); if(!get_port_state(port))exit(0); flag = 0; foreach dir (cgi_dirs()) { cgi = string(dir, "/webboard/generate.cgi"); if(is_cgi_installed_ka(item:cgi, port:port))flag = 1; else { cgi = string(dir, "/generate.cgi"); if(is_cgi_installed_ka(item:cgi, port:port)){ flag = 1; } } } if(!flag)exit(0); # may need to be improved... req = http_get(item:string(dir, "/", cgi, "?content=../../../../../../etc/passwd%00board=board_1"), port:port); soc = http_open_socket(port); if(soc) { send(socket:soc, data:req); r = http_recv(socket:soc); http_close_socket(soc); if(egrep(pattern:".*root:.*:0:[01]:.*", string:r)) { security_hole(port); exit(0); } } req = http_get(item:string(dir, "/", cgi, "?content=../../../../../../windows/win.ini%00board=board_1"), port:port); soc = http_open_socket(port); if(soc) { send(socket:soc, data:req); r = http_recv(socket:soc); http_close_socket(soc); if("[windows]" >< r) { security_hole(port); exit(0); } } req = http_get(item:string(dir, "/", cgi, "?content=../../../../../../winnt/win.ini%00board=board_1"), port:port); soc = http_open_socket(port); if(soc) { send(socket:soc, data:req); r = http_recv(socket:soc); http_close_socket(soc); if("[fonts]" >< r) { security_hole(port); exit(0); } }

¡¡¡¡±¾Ð»áµÄ»î¶¯×ÚÖ¼ÊÇ£º×·ÇóÉãÓ°ÒÕÊõµÄÍêÃÀºÍ¼¼ÊõµÄ¾«Õ¿£»Ì½ÌÖÉãÓ°¼¼ÊõÓëÓ¡Ë¢ÔÙÏÖµÄ½ôÃÜ¹ØÏµ£»ÑÐ¾¿Êý×ÖÍ¼Ïó´¦ÀíµÄÏÈ½ø¼¼Êõ£»ÅàÑø¸ßÉÐµÄÒÕÊõÐÞÑøºÍÈËÎÄ¾«Éñ¡£