simplewww.nasl

漏洞扫描源码,可以扫描linux,windows,交换机路由器

#
# This script was written by Mathieu Meadele <mm@omnix.net>
#
# Script audit and contributions from Carmichael Security <http://www.carmichaelsecurity.com>
#      Erik Anderson <eanders@carmichaelsecurity.com>
#      Added BugtraqID
#
# (minor changes by rd)
#


if(description)
{
 script_id(10705);
 script_bugtraq_id(3112);
 script_version ("$Revision: 38 $");
 name["english"]  = "SimpleServer remote execution";
 name["francais"] = "SimpleServer execution de commandes a distance";

 script_name(english:name["english"], francais:name["francais"]);

 desc["english"] ="
By sending a specially encoded string to the remote server,
it is possible to execute remote commands with the 
privileges of the server.

Solution: Upgrade SimpleServer to version 1.15.
Risk factor : High";

 script_description(english:desc["english"]);

 summary["english"] = "Check the remote execution vulnerability in SimpleServer";

 script_summary(english:summary["english"]);

 script_category(ACT_GATHER_INFO);

 script_copyright(english: "Mathieu Meadele <mm@omnix.net>");

 family["english"]  = "Gain root remotely";
 family["francais"] = "Passer root