Eklenme Tarihi: 2008-10-20 22:59
#
# This script is (C) Tenable Network Security
#
#
if (description)
{
  # Plugin identity and external cross-reference (Bugtraq ID).
  script_id(15443);
  script_bugtraq_id(11348);
  script_version("$Revision: 1.1 $");

  script_name(english:"WordPress HTTP Splitting Vulnerability");

  # Report text shown to the operator when the plugin fires.
  script_description(english:"
The remote host is running WordPress BLOG, a web blog manager written
in PHP.
The remote version of this software is vulnerable to an HTTP-splitting attack
wherein an attacker can insert CR LF characters and then entice an unsuspecting
user into accessing the URL. The client will parse and possibly act on the
secondary header which was supplied by the attacker.
Solution : Upgrade to the latest version of this software
Risk factor : Medium");

  # NOTE(review): the detection code matches specific version strings in the
  # generator tag, so this summary understates what is tested - confirm wording.
  script_summary(english:"Checks for the presence of WordPress");

  # NOTE(review): the detection code only issues a GET for index.php and reads
  # the version banner; ACT_GATHER_INFO may describe it more accurately than
  # ACT_ATTACK - confirm against how scan policies select this plugin.
  script_category(ACT_ATTACK);

  script_copyright(english:"This script is Copyright (C) 2004 Tenable Network Security",
                   francais:"Ce script est Copyright (C) 2004 Tenable Network Security");
  script_family(english:"CGI abuses", francais:"Abus de CGI");

  # Scheduling hints: run after http_version.nasl, against a web service port.
  script_dependencie("http_version.nasl");
  script_require_ports("Services/www", 80);

  # Registration pass ends here; nothing below runs in description mode.
  exit(0);
}
#
# The script code starts here
#
include("http_func.inc");
include("http_keepalive.inc");
# Pick the web port to test, falling back to 80 when none is supplied.
port = get_http_port(default:80);

# Bail out early when get_port_state() reports the port as unusable.
if (!get_port_state(port))
{
  exit(0);
}

# Skip hosts for which can_host_php() returns false
# (presumably servers that cannot serve PHP, so WordPress cannot be present).
if (!can_host_php(port:port))
{
  exit(0);
}
# The actual attack requires credentials -> do a banner check
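# Request <loc>/index.php and report the host when the page's generator
# <meta> tag advertises an affected WordPress release.
#
# loc: directory prefix to probe (the caller passes entries from cgi_dirs()).
#
# This is a version-banner check only: the request is a plain GET and no
# CR/LF payload is sent. A site that removes or rewrites the generator tag
# will not be reported, and a patched install that still shows an old version
# string will be, so a finding should be confirmed against the installed
# version.
#
# Side effects: calls security_warning(port) and ends the script on a match;
# also ends the script when the server returns no response.
function check(loc)
{
  # Declared local so the response buffer cannot clobber, or be left behind
  # as, a global named "res".
  local_var res;

  res = http_keepalive_send_recv(port:port, data:http_get(item:loc + "/index.php", port:port));
  if ( res == NULL ) exit(0);

  # Flatten the response to a single line before matching, presumably so the
  # pattern still matches if the tag is wrapped across lines.
  res = str_replace(find:'\n', replace:'', string:res);
  res = str_replace(find:'\r', replace:'', string:res);

  # Matches generator versions starting 0., 1.0 or 1.1, and exactly 1.2: the
  # closing quote after "2" keeps later 1.2.x releases from matching.
  if ( "WordPress" >< res && egrep(pattern:'<meta name="generator" content="WordPress (0\\.|1\\.([01]|2"))', string:res)) { security_warning(port); exit(0); }
}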
# Try each directory returned by cgi_dirs(). check() ends the script itself
# on the first match or on a missing response, so no result is collected here.
foreach dir (cgi_dirs())
  check(loc:dir);