netware_tomcat_sourcecode_viewer.nasl

来自「漏洞扫描源码,可以扫描linux,windows,交换机路由器」· NASL 代码 · 共 75 行

NASL
75
字号 
## This script was written by David Kyger <david_kyger@symantec.com>## See the Nessus Scripts License for details#if(description){  script_id(12119);  script_version ("$Revision: 38 $");# script_bugtraq_id();# script_cve_id(""); name["english"] = "Netware 6.0 Tomcat source code viewer"; script_name(english:name["english"]);  desc["english"] = "The Apache Tomcat server distributed with Netware 6.0 has a directory traversal vulnerability. As a result, sensitive information could be obtained from the Netware server, such as the RCONSOLE password located in AUTOEXEC.NCF.Example : http://target/examples/jsp/source.jsp?%2e%2e/%2e%2e/%2e%2e/%2e%2e/system/autoexec.ncfRisk factor : High"; script_description(english:desc["english"]);  summary["english"] = "Checks for the Netware 6.0 Tomcat source code viewer vulnerability"; script_summary(english:summary["english"]); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004 David Kyger"); family["english"] = "Netware"; script_family(english:family["english"]); script_dependencie("find_service.nes", "http_version.nasl"); script_require_ports("Services/www", 80); exit(0);}## The script code starts here#include("http_func.inc");include("http_keepalive.inc");warning = string("The Apache Tomcat server distributed with Netware 6.0 has a directory traversal vulnerability. As a result, sensitive information could be obtained from the Netware server, such as the RCONSOLE password located in AUTOEXEC.NCF.The content of the AUTOEXEC.NCF follows:");url = "/examples/jsp/source.jsp?%2e%2e/%2e%2e/%2e%2e/%2e%2e/system/autoexec.ncf"; port = get_http_port(default:80);if(get_port_state(port)) {   req = http_get(item:url, port:port);   buf = http_keepalive_send_recv(port:port, data:req);   if ("SYS:\" >< buf)    {     warning = warning + string("\n", buf) + "Solution : Remove default files from the web server. Also, ensure the RCONSOLE password is encrypted and utilize a password protected screensaver for console access.Risk factor : High";     security_hole(port:port, data:warning);    } }

netware_tomcat_sourcecode_viewer.nasl - 源码说明

本页面展示了「漏洞扫描源码,可以扫描linux,windows,交换机路由器」中的 netware_tomcat_sourcecode_viewer.nasl 源码文件,采用 NASL 编程语言编写,共 75 行代码。您可以在线阅读完整代码内容,也可以返回资源详情页下载完整源码包进行本地学习和开发。

虫虫下载站收录了大量与windows相关的技术资源,包括源代码、技术文档、电路图等,是电子工程师和嵌入式开发者的专业学习平台。

⌨️ 快捷键说明

复制代码Ctrl + C
搜索代码Ctrl + F
全屏模式F11
增大字号Ctrl + =
减小字号Ctrl + -
显示快捷键?