pollit.nasl

漏洞扫描源码,可以扫描linux,windows,交换机路由器

#
# This script was written by Thomas Reinke <reinke@securityspace.com>
#
# See the Nessus Scripts License for details
#
# Changes by rd :
#    - attempt to read /etc/passwd
#    - script_id
#    - script_bugtraq_id(1431);
#

if(description)
{
 script_id(10459);
 script_bugtraq_id(1431);
 script_version ("$Revision: 38 $"); 
 script_cve_id("CVE-2000-0590");
 name["english"] = "Poll It v2.0 cgi";
 name["francais"] = "Poll It v2.0 cgi";
 script_name(english:name["english"], francais:name["francais"]);

 desc["english"] = "'Poll_It_SSI_v2.0.cgi' is installed. This CGI has
 a well known security flaw that lets an attacker retrieve any file from
 the remote system, e.g. /etc/passwd.

Solution:  remove 'Poll_It_SSI_v2.0.cgi' from /cgi-bin.

Risk factor : High";

desc["francais"] = "Le cgi 'Poll_It_SSI_v2.0.cgi' est install