nikto_put_del_test.plugin

Ubuntu packages of security software。 相当不错的源码

#VERSION,2.01
#LASTMOD,01.09.2008

###############################################################################
#  Copyright (C) 2007 CIRT, Inc.
#
#  This program is free software; you can redistribute it and/or
#  modify it under the terms of the GNU General Public License
#  as published by the Free Software Foundation; version 2
#  of the License only.
#
#  This program is distributed in the hope that it will be useful,
#  but WITHOUT ANY WARRANTY; without even the implied warranty of
#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#  GNU General Public License for more details.
#
#  You should have received a copy of the GNU General Public License
#  along with this program; if not, write to the Free Software
#  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
###############################################################################

###############################################################################
# PURPOSE
# Try put and then delete a file
###############################################################################

sub nikto_put_del_test
{
    my $msg;

    # PUT a page
    LW2::http_close(\%request);    # force-close any old connections
    LW2::http_fixup_request(\%request);
    LW2::http_reset();
    my $uri = "/nikto-test-" . LW2::utils_randstr(8) . ".html";
    $request{'whisker'}->{'data'}    = "This was a Nikto test.";
    $request{'whisker'}->{'version'} = "1.0";
    (my $RES, $CONTENT) = fetch($uri, "PUT", "This was a Nikto test.");

    # Request it back
    if ($RES eq 201)
    {
        LW2::http_close(\%request);    # force-close any old connections
        LW2::http_fixup_request(\%request);
        LW2::http_reset();
        (my $RES, $CONTENT) = fetch($uri, "GET");
        if ($CONTENT =~ /This was a Nikto test/)
        {
            $msg                                          = "HTTP method 'PUT' allows clients to save files on the web server.";
            $TESTS{999995}{uri}                           = $uri;
            $TESTS{999995}{message}                       = $msg;
            $TESTS{999995}{method}                        = "PUT";
            $TESTS{999995}{osvdb}                         = 397;
            $TARGETS{$CURRENT_HOST_ID}{positives}{999995} = 1;
            $TARGETS{$CURRENT_HOST_ID}{total_vulns}++;
            nprint("+ OSVDB-$TESTS{999995}{osvdb}: $msg");

            # we were able to put it there--can we delete it?
            (my $RES, $CONTENT) = fetch($uri, "DELETE");
            if ($RES eq 200)
            {
                (my $RES, $CONTENT) = fetch($uri, "GET");
                if ($CONTENT !~ /This was a Nikto test/)    # gone now
                {
                    $msg                                          = "HTTP method 'DELETE' allows clients to delete file on the web server.";
                    $TESTS{999994}{uri}                           = $uri;
                    $TESTS{999994}{message}                       = $msg;
                    $TESTS{999994}{method}                        = "DELETE";
                    $TESTS{999994}{osvdb}                         = 5646;
                    $TARGETS{$CURRENT_HOST_ID}{positives}{999994} = 1;
                    $TARGETS{$CURRENT_HOST_ID}{total_vulns}++;
                    nprint("+ OSVDB-$TESTS{999994}{osvdb}: $msg");
                }
            }
        }
    }
}

1;