zope_path_disclosure.nasl

来自「漏洞扫描源码,可以扫描linux,windows,交换机路由器」· NASL 代码 · 共 89 行

NASL

89 行

## This script was written by Michel Arboi <arboi@alussinan.org>## GPL## http://collector.zope.org/Zope/359#if(description){ script_id(11234); script_bugtraq_id(5806); script_version ("$Revision: 118 $");  name["english"] = "Zope Installation Path Disclosure"; script_name(english:name["english"]);  desc["english"] = "Synopsis :The remote web server contains an application server that is prone toinformation disclosure. Description :There is a minor security problem in all releases of Zope prior toversion 2.5.1b1 - they reveal the installation path when an invalidXML RPC request is sent. See also :http://collector.zope.org/Zope/359Solution : Upgrade to Zope 2.5.1b1 / 2.6.0b1 or later.Risk factor : Low / CVSS Base Score : 2 (AV:R/AC:L/Au:NR/C:P/A:N/I:N/B:N)"; script_description(english:desc["english"]);  summary["english"] = "Checks for Zope installation directory"; script_summary(english:summary["english"]); script_category(ACT_ATTACK);  script_copyright(english:"This script is Copyright (C) 2003 Michel Arboi"); family["english"] = "Web Servers"; script_family(english:family["english"]); script_dependencie("find_service.nes", "http_version.nasl"); script_require_ports("Services/www", 80); script_require_keys("www/zope"); exit(0);}# The script code starts hereinclude("http_func.inc");port = get_http_port(default:80);if(!get_port_state(port))exit(0);s = http_open_socket(port);if (! s) exit(0);# The proof of concept request was:# POST /Documentation/comp_tut HTTP/1.0# Host: localhost# Content-Type: text/xml# Content-length: 93# # <?xml version="1.0"?># <methodCall># <methodName>objectIds</methodName># <params/># </methodCall>## but it does not seem to be necessary IIRC.req = http_post(port: port, item: "/Foo/Bar/OpenVAS");send(socket: s, data: req);a = http_recv(socket: s);if (egrep(string: a,          pattern: "(File|Bobo-Exception-File:) +(/[^/]*)*/[^/]+.py"))  security_note(port);http_close_socket(s);

zope_path_disclosure.nasl - 源码说明

本页面展示了「漏洞扫描源码,可以扫描linux,windows,交换机路由器」中的 zope_path_disclosure.nasl 源码文件，采用 NASL 编程语言编写，共 89 行代码。您可以在线阅读完整代码内容，也可以返回资源详情页下载完整源码包进行本地学习和开发。

虫虫下载站收录了大量与windows相关的技术资源，包括源代码、技术文档、电路图等，是电子工程师和嵌入式开发者的专业学习平台。

⌨️ 快捷键说明

复制代码Ctrl + C

搜索代码Ctrl + F

全屏模式F11

增大字号Ctrl + =

减小字号Ctrl + -

显示快捷键?