⭐ 欢迎来到虫虫下载站! | 📦 资源下载 📁 资源专辑 ℹ️ 关于我们
⭐ 虫虫下载站
📤 上传资源

📄 generic_web-inf.nasl

📁 漏洞扫描源码,可以扫描linux,windows,交换机路由器
💻 NASL
字号:
🔍 
## This script was written by Matt Moore <matt.moore@westpoint.ltd.uk>## Script audit and contributions from Carmichael Security <http://www.carmichaelsecurity.com>#      Erik Anderson <eanders@carmichaelsecurity.com>#      Added BugtraqID## See the Nessus Scripts License for details#if(description){ script_id(11037); script_cve_id(   "CVE-2002-1855",    "CVE-2002-1856",    "CVE-2002-1857",    "CVE-2002-1858",    "CVE-2002-1859",    "CVE-2002-1860",    "CVE-2002-1861" ); script_bugtraq_id(5119); script_version("$Revision: 38 $"); name["english"] = "WEB-INF folder accessible"; name["francais"] = "WEB-INF folder accessible"; script_name(english:name["english"], francais:name["francais"]);  desc["english"] = " This vulnerability affects the Win32 versions of multiple j2ee servletcontainers / application servers. By making a particular request to theservers in question it is possible to retrieve files located underthe 'WEB-INF' directory.For example:www.someserver.com/WEB-INF./web.xmlorwww.someserver.com/WEB-INF./classes/MyServlet.classSolution: Contact your vendor for the appropriate patch.Risk factor : Medium"; script_description(english:desc["english"]);  summary["english"] = "Tests for WEB-INF folder access";  script_summary(english:summary["english"]);  script_category(ACT_GATHER_INFO);  script_copyright(english:"This script is Copyright (C) 2002 Matt Moore",		francais:"Ce script est Copyright (C) 2002 Matt Moore"); family["english"] = "CGI abuses"; family["francais"] = "Abus de CGI"; script_family(english:family["english"], francais:family["francais"]); script_dependencie("http_version.nasl"); script_require_ports("Services/www", 80); exit(0);}# Check starts hereinclude("http_func.inc");include("http_keepalive.inc");port = get_http_port(default:80);if(get_port_state(port)){ req = http_get(item:"/WEB-INF./web.xml", port:port); r = http_keepalive_send_recv(port:port, data:req); if ( ! r ) exit(0); confirmed = string("web-app");  confirmed_too = string("?xml"); if ((confirmed >< r) && (confirmed_too >< r)) 	 	security_warning(port);}

⌨️ 快捷键说明

复制代码 Ctrl + C
搜索代码 Ctrl + F
全屏模式 F11
切换主题 Ctrl + Shift + D
显示快捷键 ?
增大字号 Ctrl + =
减小字号 Ctrl + -