Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: Nessus: plugins

PHP & Apache a hazard waiting to happen (DIFF)

 

 

Nessus plugins RSS feed   Index | Next | Previous | View Threaded


noamr at beyondsecurity

Feb 26, 2002, 5:28 AM

Post #1 of 1 (238 views)
Permalink
PHP & Apache a hazard waiting to happen (DIFF)

Hi,

The original NASL is a bit too ... tight for some installation (i.e. Win95,...,
Win2k, etc), this patch would make it a bit more generalized:

Index: php_apache_win32_default.nasl
===================================================================
RCS file: /usr/local/cvs/nessus-plugins/scripts/php_apache_win32_default.nasl,v
retrieving revision 1.1
diff -r1.1 php_apache_win32_default.nasl
67a68,69
> exit(1);
> }
68a71,81
> req = string("GET /php/php.exe?c:\php\install.txt HTTP/1.1\r\n",
> "Host: ", get_host_name(), "\r\n\r\n");
> soc = open_sock_tcp(port);
> if(soc)
> {
> send(socket:soc, data:req);
> r = recv(socket:soc, length:2048);
> close(soc);
> if("PHP/Windows Installation Notes" >< r)
> security_hole(port);
> exit(1);

Thanks
Noam Rathaus
http://www.SecurITeam.com
http://www.BeyondSecurity.com

Nessus plugins RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.