From: randy matz (rmatzat_private)
Date: Fri Feb 14 2003 - 07:30:25 PST


    When trying to get information from a PHP file hosted on a site, how do
    you get the actual webpage content? I am just testing how to do this
    right now; my code is this:

    port = get_kb_item("Services/www");
    if(!port) port = 80;
    # Only send the request if the page exists on this port
    if (is_cgi_installed(port:port, item:"/src/login.php"))
    {
      req = http_get(item:string("/src/login.php"), port:port);
      soc = http_open_socket(port);
      if(soc)
      {
        send(socket:soc, data:req);
        r = http_recv(socket:soc);
        http_close_socket(soc);
        # Report the response if any line mentions "version"
        if(egrep(pattern:".*version.*", string:r))
          security_warning(port:port, data:r);
      }
    }

    The output I get is this:
    HTTP/1.1 200 OK
    Date: Fri, 14 Feb 2003 15:26:33 GMT
    Server: Apache/1.3.27 (Unix) PHP/4.3.0
    X-Powered-By: PHP/4.3.0
    Set-Cookie: PHPSESSID=8f4ea954d90e2241a7cf2858bd78bdc2; path=/
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0,
    Pragma: no-cache
    Set-Cookie: PHPSESSID=deleted; expires=Thu, 14-Feb-02 15:26:32 GMT;
    Set-Cookie: username=deleted; expires=Thu, 14-Feb-02 15:26:32 GMT;
    Set-Cookie: key=deleted; expires=Thu, 14-Feb-02 15:26:32 GMT; path=/
    Connection: close
    Transfer-Encoding: chunked
    Content-Type: text/html; charset=iso-8859-1

    Randy C. Matz, System Administrator
    Corporate Technologies USA, Inc.,
    A Vicom Company [NASDAQ: VICM] 2000 44th Street SW Suite 100, Fargo,
    North Dakota, 58103, USA
    1-701-281-5403 - Direct
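
Added example, not part of the original message and not Nessus code: the response above is sent with Transfer-Encoding: chunked, so the page content has to be split from the headers and de-chunked before a pattern is matched against it. The Python below does that on a constructed response (status line and Transfer-Encoding header modelled on the post, body invented); the function names are this example's own.

```python
# Constructed sample: headers modelled on the output in the message above,
# followed by an invented chunked body (the post shows no body).
SAMPLE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Transfer-Encoding: chunked\r\n"
    b"Content-Type: text/html; charset=iso-8859-1\r\n"
    b"\r\n"
    b"15;ext=1\r\n<html><body>App versi\r\n"   # chunk 1: 0x15 = 21 bytes
    b"14\r\non 1.2</body></html>\r\n"          # chunk 2: 0x14 = 20 bytes
    b"0\r\n\r\n"                               # terminating chunk
)

def split_response(raw):
    """Return (status_line, headers with lower-cased names, bytes after headers)."""
    head, sep, rest = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete response: no end of headers")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()  # last duplicate wins
    return lines[0], headers, rest

def dechunk(data):
    """Decode a chunked body; chunk extensions and trailers are ignored."""
    body, pos = b"", 0
    while True:
        eol = data.find(b"\r\n", pos)
        if eol < 0:
            raise ValueError("truncated chunk header")
        size = int(data[pos:eol].split(b";")[0].decode("ascii").strip(), 16)
        if size == 0:
            return body
        chunk = data[eol + 2:eol + 2 + size]
        if len(chunk) < size:
            raise ValueError("truncated chunk")
        body += chunk
        pos = eol + 2 + size + 2  # skip the CRLF that ends the chunk

def page_content(raw):
    """Return only the page body, whatever framing the server used."""
    _, headers, rest = split_response(raw)
    if "chunked" in headers.get("transfer-encoding", "").lower():
        return dechunk(rest)
    if "content-length" in headers:
        return rest[:int(headers["content-length"])]
    return rest  # no framing header: body runs until the connection closes
```

In the sample the word "version" straddles a chunk boundary, so it is found in `page_content(SAMPLE)` but not in the raw bytes.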
