On Sun, Apr 04, 2004 at 11:42:12PM -0700, Erik Stephens wrote:
> Attached is a plugin that tests for an information leak vulnerability
> in Ultimate PHP Board. It bums a lot of code off of
> upb_code_injection (id=11671). I have some questions still:
>
> How are we dealing with OSVDB IDs? I defined it using script_xref().
> Is that all right?

This is all right.

> In order to test it using the standalone nasl interpreter, I had to
> feed it the path where I had my test UPB installed, like so:
>
>   foreach d (make_list("/my/install/dir", "/board", cgi_dirs()))
>
> Adding webmirror.nasl to the list of dependencies didn't help. Is
> that implicitly depended on? Does it not do anything when running
> from the standalone nasl interpreter?

That only works when working from within nessusd (the nasl interpreter is
really dumb - it executes code, but it's the job of nessusd to do all the
backend communication between plugins).

> foreach d (make_list("/upb", "/board", cgi_dirs()))

Are "/upb" and "/board" really needed? webmirror.nasl and
DDI_Directory_Scanner.nasl should find the relevant CGI directories by
themselves (and saving us two requests at the same time).

> {
>   display(d);
>   req = http_get(item:string(d, "/db/users.dat"), port:port);
>   res = http_keepalive_send_recv(port:port, data:req);
>   if (res == NULL)
>     exit(0);
>   if (egrep(pattern:"^Admin<~>", string:res))

Is the .dat file binary or pure text? If it's binary, you definitely want
to use

  if ( "Admin<~>" >< res )

instead, as egrep() and regular expressions have a hard time coping with
binary data.

--
Renaud
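
The check loop with both suggestions from the reply applied, as an added example that is not part of the original message or of the submitted plugin. The description block is omitted, and the dependency line in the comment, the port handling and the choice of security_warning() are assumptions.

```nasl
# Added example, not the submitted plugin.
#
# Assumed to sit in the description block (not shown):
#   script_dependencie("webmirror.nasl", "DDI_Directory_Scanner.nasl");
#   script_require_ports("Services/www", 80);

include("http_func.inc");
include("http_keepalive.inc");

port = get_http_port(default:80);
if (!get_port_state(port)) exit(0);

# No hard-coded "/upb" or "/board": directories found by webmirror.nasl and
# DDI_Directory_Scanner.nasl are returned by cgi_dirs(). Those results are
# passed between plugins by nessusd, so under the standalone nasl
# interpreter they are not available.
foreach d (cgi_dirs())
{
  req = http_get(item:string(d, "/db/users.dat"), port:port);
  res = http_keepalive_send_recv(port:port, data:req);
  if (res == NULL) exit(0);

  # Substring test instead of egrep(pattern:"^Admin<~>", ...): safe if the
  # .dat file turns out to be binary. It drops the start-of-line anchor,
  # so it matches "Admin<~>" anywhere in the response.
  if ("Admin<~>" >< res)
  {
    security_warning(port);
    exit(0);
  }
}
```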