scan_database.db

一个用perl写的功能强大的cgi漏洞检测程序

#VERSION,1.174
#LASTMOD,10.27.2003  
# http://www.cirt.net

########################################################################
# Checks: ws type,root,method,file,result,information,data to send
########################################################################
# <script>alert('Vulnerable')</script>","<script>alert('Vulnerable')</script>","GET"
# is vulnerable to Cross Site Scripting (XSS). CA-2000-02."

## These are here for testing or to remind me to test them
"generic","/catinfo?xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx","xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx","GET","The Interscan Viruswall CGI may be vulnerable to a remote buffer overflow. CAN-2001-0432. BID-2579."

"iis","/","Length Required","SEARCH","WebDAV is installed.\n";
## These are the default site tests
"apache","/","Test Page for Apache","GET","Appears to be a default Apache install."
"iis","/","The site you were trying to reach does not currently have a default page","GET","Appears to be a default IIS install."
"iis","/","Welcome to Microsoft Windows NT 4","GET","Appears to be a default IIS install."
"lotus","/","body text=\"#000000\" bgcolor=\"#000000\" style="background-image:url(/homepage.nsf/homePage.gif?OpenImageResource)","GET","Appears to be a default Domino 6 install."
"netscape","/","Web Server, Enterprise Edition 6.0","GET","Appears to be a default Netscape/iPlanet 6 install."
"sambar","/","<TITLE>Sambar Server</TITLE>","GET","Appears to be a default Sambar install."
"tivo","/TiVoConnect?Command=QueryContainer&Container=/&Recurse=Yes","TiVoContainer","GET","TiVo client service is running and may allow download of mp3 or jpg files."
"tivo","/TiVoConnect?Command=QueryServer","Calypso Server","GET","The Tivo Calypso server is running. This page will display the version and platform it is running on. Other URLs may allow download of media."

## These are normal tests
"abyss","/%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cwinnt%5cwin.ini","[fonts]","GET","Abyss allows directory traversal if %5c is in a URL. Upgrade to the latest version."
"abyss","/%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cwinnt%5cwin.ini","[windows]","GET","Abyss allows directory traversal if %5c is in a URL. Upgrade to the latest version."
"abyss","/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////","index of","GET","Abyss 1.03 reveals directory listing when 256 /'s are requested."
"abyss","/conspass.chl+","200","GET","Abyss allows hidden/protected files to be served if a + is added to the request."
"abyss","/consport.chl+","200","GET","Abyss allows hidden/protected files to be served if a + is added to the request."
"abyss","/general.chl+","200","GET","Abyss allows hidden/protected files to be served if a + is added to the request."
"abyss","/srvstatus.chl+","200","GET","Abyss allows hidden/protected files to be served if a + is added to the request."
"alchemyeye","@CGIDIRS../../../../../../../../../../WINNT/system32/ipconfig.exe","IP Configuration","GET","Alchemy Eye and Alchemy Network Monitor for Windows allow attackers to execute arbitrary commands."
"alchemyeye","@CGIDIRSNUL/../../../../../../../../../WINNT/system32/ipconfig.exe","IP Configuration","GET","Alchemy Eye and Alchemy Network Monitor for Windows allow attackers to execute arbitrary commands."
"alchemyeye","@CGIDIRSPRN/../../../../../../../../../WINNT/system32/ipconfig.exe","IP Configuration","GET","Alchemy Eye and Alchemy Network Monitor for Windows allow attackers to execute arbitrary commands."
"apache","/.DS_Store","Bud1","GET","Apache on Mac OSX will serve the .DS_Store file, which contains sensitive information. Configure Apache to ignore this file or upgrade to a newer version."
"apache","/.FBCIndex","Bud2","GET","This file son OSX contains the source of the files in the directory. http://www.securiteam.com/securitynews/5LP0O005FS.html"
"apache","//","index of","GET","Apache on Red Hat Linux release 9 reveals the root directory listing by default if there is no index page."
"apache","//","not found for:","OPTIONS","By sending an OPTIONS request for /, the physical path to PHP can be revealed."
"apache","/666%0a%0a<script>alert('Vulnerable');</script>666.jsp","<script>alert('Vulnerable');</script>","GET","Apache Tomcat 4.1 / Linux is vulnerable to Cross Site Scripting (XSS). CA-2000-02."
"apache","/?D=A","index of \/","GET","Apache allows directory listings by requesting. Upgrade Apache or disable directory indexing."
"apache","/?M=A","index of \/","GET","Apache allows directory listings by requesting. Upgrade Apache or disable directory indexing."
"apache","/?N=D","index of \/","GET","Apache allows directory listings by requesting. Upgrade Apache or disable directory indexing."
"apache","/?S=A","index of \/","GET","Apache allows directory listings by requesting. Upgrade Apache or disable directory indexing."
"apache","/admin.cgi","Administration","GET","InterScan VirusWall administration is accessible without authentication."
"apache","/blah-whatever.jsp","JSP file \"","GET","The Apache Tomcat 3.1 server reveals the web root path when requesting a non-existent JSP file. CAN-2000-0759."
"apache","/cgi-bin/main_menu.pl","NetDetector Traffic Analysis","GET","The NetDetector allows unauthenticated users to perform database queries."
"apache","/cgi-bin/printenv","DOCUMENT_ROOT","GET","Apache 2.0 default script is executable and gives server environment variables. All default scripts should be removed. It may also allow XSS types of attacks. BID-4431."
"apache","/cgi-bin/printenv","Premature end of script headers: /","GET","Apache 2.0 printenv default script does not have execute permissions but leaks file system paths. It may also allow XSS types of attacks. BID-4431."
"apache","/cgi-bin/search","=sourcedir","GET","Apache Stronghold 3.0 may reveal the web root in the source of this CGI ('sourcedir' value)."
"apache","/cgi-bin/test-cgi","PATH_TRANSLATED","GET","Apache 2.0 default script is executable and reveals system information. All default scripts should be removed."
"apache","/cgi-bin/test-cgi","Premature end of script headers: /","GET","Apache 2.0 printenv default script does not have execute permissions but leaks file system paths."
"apache","/content/base/build/explorer/none.php?..:..:..:..:..:..:..:etc:passwd:","root:","GET","SunPS iRunbook Version 2.5.2 allows files to be read remotely."
"apache","/content/base/build/explorer/none.php?/etc/passwd","root:","GET","SunPS iRunbook Version 2.5.2 allows files to be read remotely."
"apache","/doc/rt/overview-summary.html","Packages","GET","Oracle Business Components for Java 3.1 docs is running."
"apache","/doc/webmin.config.notes","login and password","GET","Webmin config file found, may contain Webmin ID/Password. Typically runs on port 10000."
"apache","/docs/","200","GET","May give list of installed software"
"apache","/docs/sdb/en/html/index.html","Support Database","GET","This may be a default SuSe Apache install. This is the support page."
"apache","/error/%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cwindows%5cwin.ini","[windows]","GET","Apache allows files to be retrieved outside of the web root. Apache should be upgraded to 2.0.40 or above. CAN-2002-0661."
"apache","/error/%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cwinnt%5cwin.ini","[fonts]","GET","Apache allows files to be retrieved outside of the web root. Apache should be upgraded to 2.0.40 or above. CAN-2002-0661."
"apache","/error/HTTP_NOT_FOUND.html.var","Available variants","GET","Apache reveals file system paths when invalid error documents are requested."
"apache","/examples/","Directory Listing","GET","Directory indexing enabled, also default JSP examples."
"apache","/examples/jsp/index.html","JSP Samples","GET","Apache Tomcat default JSP pages present."
"apache","/examples/jsp/snp/snoop.jsp","Request Information","GET","Displays information about page retrievals, including other users."
"apache","/examples/jsp/source.jsp??","Directory Listing","GET","Tomcat 3.23/3.24 allows directory listings by performing a malformed request to a default jsp. Default pages should be removed."
"apache","/examples/servlet/AUX","200","GET","Apache Tomcat versions below 4.1 may be vulnerable to DoS by repeatedly requesting this file."
"apache","/examples/servlet/TroubleShooter","TroubleShooter Servlet Output","GET","Tomcat default jsp page reveals system information and may be vulnerable to XSS."
"apache","/examples/servlets/index.html","Servlet Examples","GET","Apache Tomcat default JSP pages present."
"apache","/icons/","200","GET","Directory indexing is enabled, it should only be enabled for specific directories (if required). If indexing is not used all, the /icons directory should be removed."
"apache","/index.html.ca","200","GET","Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information."
"apache","/index.html.cz.iso8859-2","200","GET","Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information."
"apache","/index.html.de","200","GET","Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information."
"apache","/index.html.dk","200","GET","Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information."
"apache","/index.html.ee","200","GET","Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information."
"apache","/index.html.el","200","GET","Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information."
"apache","/index.html.en","200","GET","Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information."
"apache","/index.html.es","200","GET","Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information."
"apache","/index.html.et","200","GET","Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information."
"apache","/index.html.fr","200","GET","Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information."
"apache","/index.html.he.iso8859-8","200","GET","Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information."
"apache","/index.html.hr.iso8859-2","200","GET","Apache default foreign language file found. All default files should be removed from the web server as they may give an attacker additional system information."