cvstrac_filediff.nasl

来自「漏洞扫描源码,可以扫描linux,windows,交换机路由器」· NASL 代码 · 共 69 行

NASL
69
字号 
#  This script was written by David Maciejak <david dot maciejak at kyxar dot fr>#  based on work from#  (C) Tenable Netwok Security## Ref: Richard Ngo (August 2004)# This script is released under the GNU GPLv2if(description){script_id(14220);script_cve_id("CVE-2004-1456");script_bugtraq_id(10878); if ( defined_func("script_xref") ) 	script_xref(name:"OSVDB", value:"8373"); script_version ("$Revision: 38 $"); name["english"] = "CVSTrac filediff vulnerability"; script_name(english:name["english"]);  desc["english"] = "The remote host seems to be running cvstrac, a web-based bug and patch-set tracking system for CVS.This version of filediff has a flaw in the input sanitationwhich, when exploited, can lead to a remote attacker executing arbitrary commands on the system.***** Nessus has determined the vulnerability exists on the target***** simply by looking at the version number(s) of CVSTrac***** installed there. Solution : Update to version 1.1.4 or disable this CGI suiteRisk factor : High"; script_description(english:desc["english"]);  summary["english"] = "Checks for CVSTrac version";  script_summary(english:summary["english"]);  script_category(ACT_ATTACK);   script_copyright(english:"This script is Copyright (C) 2004 David Maciejak"); family["english"] = "CGI abuses"; family["fancais"] = "Abus de CGI"; script_family(english:family["english"], francais:family["francais"]); script_dependencie("cvstrac_detect.nasl"); script_require_ports("Services/www", 80); exit(0);}## The script code starts here#include("http_func.inc");port = get_http_port(default:80);kb = get_kb_item("www/" + port + "/cvstrac" );if ( ! kb ) exit(0);stuff = eregmatch(pattern:"(.*) under (.*)", string:kb );version = stuff[1];if(ereg(pattern:"^(0\.|1\.(0|1\.[0-3]([^0-9]|$)))", string:version)) 		security_hole(port);

cvstrac_filediff.nasl - 源码说明

本页面展示了「漏洞扫描源码,可以扫描linux,windows,交换机路由器」中的 cvstrac_filediff.nasl 源码文件,采用 NASL 编程语言编写,共 69 行代码。您可以在线阅读完整代码内容,也可以返回资源详情页下载完整源码包进行本地学习和开发。

虫虫开发者社区收录了大量与漏洞扫描相关的技术资源,包括源代码、技术文档、电路图等,是电子工程师和嵌入式开发者的专业学习平台。

⌨️ 快捷键说明

复制代码Ctrl + C
搜索代码Ctrl + F
全屏模式F11
增大字号Ctrl + =
减小字号Ctrl + -
显示快捷键?