On Tue, Mar 05, 2002 at 08:16:17PM -0600, H D Moore wrote:
> Anyone see any problems with the plugins below? They seem to test out pretty
> well, should I go ahead and send in the final versions? Also, theres a couple
> dozen recent bugs that still dont have plugins written for them, how do yall
> want to split these up? (yes i still owe a handful of ones, I will _really_
> try to get these prettied up and sent to Renaud).
>
> # mod_php plugin
That one was already written by Thomas Reinke (see the plugins page for
info). I'd be interested in actually testing for the flaw, that'd be
better and more reliable (my servers have ServerToken = ProductOnly, so
they would not be tested).
> # mod_ssl plugin
> port = get_kb_item("Services/www");
> if(!port)port = 80;
> if(get_port_state(port))
> {
> key = string("www/banner/", port);
> banner = get_kb_item(key);
> if(!banner)
> {
> soc = open_sock_tcp(port);
> req = string("HEAD / HTTP/1.0\r\n\r\n");
> send(socket:soc, data:req);
> banner = recv(socket:soc, length:2000, timeout:20);
> close(soc);
> }
>
> if( egrep(pattern:"(.*mod_ssl/[1-2].[0-8].[0-6])",string:banner))
Seems wrong to me. It will match on version 1.1.6 but not on 1.9.7.
I think the following would be better :
.*mod_ssl/((1..*)|(2\.([0-7]\.[0-9]*)|(8\.[0-6]))).*
-- Renaud
This archive was generated by hypermail 2b30 : Wed Mar 06 2002 - 00:32:44 PST