Re: mod_php / mod_ssl plugin code

From: H D Moore (hdmat_private)
Date: Tue Mar 05 2002 - 18:17:40 PST


    Oh, ignore the data:ddidata part in the bottom of the second plugin, we do 
    reporting a bit differently, which is also why "porting" a plugin to the 
    regular nessus format takes me some time ;)
    
    On Tuesday 05 March 2002 08:16 pm, H D Moore wrote:
    > Anyone see any problems with the plugins below? They seem to test out
    > pretty well, should I go ahead and send in the final versions? Also, there's
    > a couple dozen recent bugs that still don't have plugins written for them,
    > how do y'all want to split these up? (yes I still owe a handful of ones, I
    > will _really_ try to get these prettied up and sent to Renaud).
    >
    > # mod_php plugin
    >
    > port = get_kb_item("Services/www");
    > if(!port)port = 80;
    > if(get_port_state(port))
    > {
    >     key = string("www/banner/", port);
    >     banner = get_kb_item(key);
    >     if(!banner)
    >     {
    >         # No banner cached in the KB: fetch one with a HEAD request
    >         soc = open_sock_tcp(port);
    >         if(!soc)exit(0);
    >         req = string("HEAD / HTTP/1.0\r\n\r\n");
    >         send(socket:soc, data:req);
    >         banner = recv(socket:soc, length:2000, timeout:20);
    >         close(soc);
    >     }
    >
    >     if( egrep(pattern:"(.*PHP/4\.0\.)",string:banner) ||
    >         egrep(pattern:"(.*PHP/3\.0\.)",string:banner) ||
    >         egrep(pattern:"(.*PHP/4\.1\.[0-1])",string:banner))
    >     {
    >         security_warning(port:port);
    >     }
    > }
    >
    > # mod_ssl plugin
    > port = get_kb_item("Services/www");
    > if(!port)port = 80;
    > if(get_port_state(port))
    > {
    >     key = string("www/banner/", port);
    >     banner = get_kb_item(key);
    >     if(!banner)
    >     {
    >         # No banner cached in the KB: fetch one with a HEAD request
    >         soc = open_sock_tcp(port);
    >         if(!soc)exit(0);
    >         req = string("HEAD / HTTP/1.0\r\n\r\n");
    >         send(socket:soc, data:req);
    >         banner = recv(socket:soc, length:2000, timeout:20);
    >         close(soc);
    >     }
    >
    >     if( egrep(pattern:"(.*mod_ssl/[1-2]\.[0-8]\.[0-6])",string:banner))
    >     {
    >         security_warning(port:port, data:ddidata);
    >     }
    > }
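
Added example, not part of the original message or of Nessus: a comparison of per-digit character-class matching, as used in the quoted mod_ssl check, against parsing the banner version into an integer tuple. It is written in Python rather than NASL so it can be run stand-alone; the cut-off `LAST_FLAGGED = (2, 8, 6)` is an assumption read off the quoted pattern, and the banners are constructed samples.

```python
import re

# Assumption: the quoted pattern is meant to flag mod_ssl up to and including 2.8.6.
LAST_FLAGGED = (2, 8, 6)

# Per-digit character classes, as in the quoted plugin (dots escaped here).
DIGIT_CLASS = re.compile(r"mod_ssl/[1-2]\.[0-8]\.[0-6]")
# Capture each numeric component whole so 2.8.10 is not read as 2.8.1.
TOKEN = re.compile(r"mod_ssl/(\d+)\.(\d+)\.(\d+)")

# Constructed Server headers for illustration, not captured from real hosts.
SAMPLE_BANNERS = [
    "Server: Apache/1.3.22 (Unix) mod_ssl/2.8.5 OpenSSL/0.9.6b",
    "Server: Apache/1.3.19 (Unix) mod_ssl/2.7.9 OpenSSL/0.9.6",
    "Server: Apache/1.3.26 (Unix) mod_ssl/2.8.10 OpenSSL/0.9.6d",
    "Server: Apache/1.3.23 (Unix) mod_ssl/2.8.7 OpenSSL/0.9.6c",
    "Server: Apache/1.3.22 (Unix) PHP/4.1.1",
]


def digit_class_flags(banner):
    """True if the per-digit pattern matches anywhere in the banner."""
    return bool(DIGIT_CLASS.search(banner))


def mod_ssl_version(banner):
    """Return the mod_ssl version as an integer tuple, or None if absent."""
    m = TOKEN.search(banner)
    return tuple(int(part) for part in m.groups()) if m else None


def tuple_flags(banner, last_flagged=LAST_FLAGGED):
    """True if a mod_ssl version is present and is <= last_flagged."""
    version = mod_ssl_version(banner)
    return version is not None and version <= last_flagged


def disagreements(banners):
    """List (version, digit_class_result, tuple_result) where the checks differ."""
    out = []
    for banner in banners:
        a, b = digit_class_flags(banner), tuple_flags(banner)
        if a != b:
            out.append((mod_ssl_version(banner), a, b))
    return out


if __name__ == "__main__":
    for version, by_digits, by_tuple in disagreements(SAMPLE_BANNERS):
        print(version, "digit classes:", by_digits, "tuple compare:", by_tuple)
```

With these samples the two checks disagree on 2.7.9 (below the cut-off but missed, because 9 falls outside `[0-6]`) and on 2.8.10 (above the cut-off but matched as the prefix 2.8.1).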
    


