omnihttpd_pro_source_disclosure.nasl

漏洞扫描源码,可以扫描linux,windows,交换机路由器

#
# This script was written by Gregory Duchemin <plugin@intranode.com>
#
# See the Nessus Scripts License for details
#


#### REGISTER SECTION ####

if(description)
{


script_id(10716);
script_bugtraq_id(2788);
 script_version ("$Revision: 116 $");

#Name used in the client window.

name["english"] = "OmniPro HTTPd 2.08 scripts source full disclosure";
name["francais"] = "OmniPro httpd 2.08 r関鑜e le source des scripts.";
script_name(english:name["english"], francais:name["francais"]);


#Description appearing in the OpenVAS client window when clicking on the name.

desc["english"]="
OmniPro HTTPd 2.08 suffers from a security vulnerability that permits 
malicious users to get the full source code of scripting files.

By appending an ASCII/Unicode space char '%20' at the script suffix, 
the web server will no longer interpret it and rather send it back clearly 
as a simple document to the user in the same manner as it usually does to 
process HTML-like files.

The flaw does not work with files located in CGI directories (e.g cgibin, 
cgi-win)

Exploit: GET /test.php%20 HTTP/1.0

Vulnerable systems: up to release 2.08

Solution: The vendor is aware of the problem but so far, no
patch has been made available. Contact your web server vendor 
for a possible solution. Until a complete fix is available, you 
should remove all scripting files from non-executable directories.

Risk factor : Medium";

desc["francais"]="
OmniPro httpd 2.08 contient une faille de s閏urit