[Plugins-writers] Patch for domino_fs_config.nasl (plugin id 10058)

Previous message: Hubert Seiwert: "[Plugins-writers] Bug in wsftp_file_path_parsing_dos.nasl (ID 14584) ?"
Next in thread: George A. Theall: "Re: [Plugins-writers] Patch for domino_fs_config.nasl (plugin id 10058)"
Reply: George A. Theall: "Re: [Plugins-writers] Patch for domino_fs_config.nasl (plugin id 10058)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

simon@private

I have attached a patch for plugin 10058.  The patch adds the physical
path discovered to the plugin output.  It also modifies the expression
and method of discovering the path.  This works in the real cases I've
spotted, and I think it should work in all the cases where this flaw is
found.

-- 
Simon Ward

Operations Security Specialist, Westpoint Ltd
Albion Wharf, 19 Albion Street, Manchester M1 5LN, United Kingdom

Web: www.westpoint.ltd.uk
Tel: +44-161-2371028

--- /usr/lib/nessus/plugins/domino_fs_config.nasl	2006-10-05 10:41:06.000000000 +0100
+++ domino_fs_config.nasl	2006-10-12 17:57:13.000000000 +0100
@@ -56,5 +56,9 @@
 {
   req = http_get(item:"/cgi-bin/just_a_test_ignore", port:port);
   s = http_keepalive_send_recv(port:port, data:req);
-  if("domino/cgi-bin" >< s)security_warning(port);
+  path = eregmatch(pattern:"([a-zA-Z]:/[^<>]*domino/cgi-bin)/just_a_test_ignore.*", string:s);
+  if(!isnull(path)) {
+    report = "The physical path discovered is : " + path[1];
+    security_warning(port:port, data:report);
+  }
 }

_______________________________________________
Plugins-writers mailing list
Plugins-writers@private
http://mail.nessus.org/mailman/listinfo/plugins-writers
