Для тех, кто любит автоматизацию, — плагин для Nessus. Он запрашивает каждый найденный каталог с параметром `?this=abc` и считает поведение подозрительным, если в строке статуса или в теле ответа встречается текст «Internal Server Error». Это лишь повод для ручной проверки: любой другой источник 500-й ошибки на том же пути даст такой же результат.
# Pseudo register globals detection
include("compat.inc");
if (description) {
    # --- Identity / versioning -------------------------------------------
    script_id(10797109);
    script_version("1.0");
    script_cvs_date("$Date: 2019/12/19 13:37:00 $");
    script_name(english: "Pseudo Register Globals Detection");

    # --- Report text shown to the scan operator --------------------------
    # Synopsis and description are intentionally identical: the plugin only
    # reports a lead (a 500 on the probe request), not a confirmed issue.
    script_set_attribute(attribute: "synopsis", value: "Possible pseudo register globals behavior was detected on the remote host.");
    script_set_attribute(attribute: "description", value: "Possible pseudo register globals behavior was detected on the remote host.");
    script_set_attribute(attribute: "solution", value: "Check existing source code. Consider rewriting source code without usage of constructions like: extract($_GET), parse_str($_SERVER['QUERY_STRING']) , etc...");
    script_set_attribute(attribute: "see_also", value: "https://antichat.com/threads/474727/");
    # Low: a match is a heuristic that needs manual confirmation (see
    # script_summary below), so it must not be weighted like a verified finding.
    script_set_attribute(attribute: "risk_factor", value: "Low");
    script_set_attribute(attribute: "plugin_publication_date", value: "2019/12/19");
    script_set_attribute(attribute: "plugin_type", value: "remote");
    script_end_attributes();

    # --- Classification --------------------------------------------------
    script_category(ACT_GATHER_INFO);
    script_family(english: "CGI abuses");
    script_summary(english: "Reports if response with code 500 occurs upon sending '/?this=abc' request. Additional checks should be made manually.");
    script_copyright(english: "This script is Copyright (C) Kaimi (https://kaimi.io)");

    # --- Scheduling ------------------------------------------------------
    # Run after the crawler / directory scanner so the KB already holds the
    # directory list the probe loop iterates over.
    script_dependencie("webmirror.nasl", "DDI_Directory_Scanner.nasl");
    script_exclude_keys("Settings/disable_cgi_scanning");
    script_require_keys("Settings/enable_web_app_tests");
    script_require_ports("Services/www");
    script_timeout(1800);

    exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
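# Return TRUE when an http_send_recv3() result looks like a server error:
# either the status line (res[0]) carries "500 Internal Server Error" or the
# body (res[2]) contains "Internal Server Error", both case-insensitive.
# The body match is deliberately loose (error pages are sometimes served
# with a 200 status); that looseness is exactly why the loop below compares
# the probe against a baseline request before reporting anything.
function is_server_error(res)
{
  if (isnull(res))
    return FALSE;
  if (eregmatch(pattern: '500 Internal Server Error', string: res[0], icase: TRUE))
    return TRUE;
  if (eregmatch(pattern: 'Internal Server Error', string: res[2], icase: TRUE))
    return TRUE;
  return FALSE;
}

app = "PHP";
port = get_http_port(default: 80);

# Candidate directories: known CGI dirs, everything webmirror / the directory
# scanner recorded for this port, and the document root ("").
dirs = list_uniq(make_list(cgi_dirs(), get_kb_list("www/" + port + "/content/directories"), ""));

# Probe paths that matched; found_ctr is the index of the next free slot and
# is also what the reporting code further down keys on.
found_list = make_list();
found_ctr = 0;

foreach dir (dirs)
{
  base_path = dir + '/';
  path = dir + '/?this=abc';

  # Baseline: fetch the directory WITHOUT the probe parameter. If it already
  # produces a server error, a 500 on the probe proves nothing about
  # extract($_GET)/parse_str() behaviour, so skip it rather than report a
  # false positive. This doubles the request count per directory, which is
  # acceptable for an ACT_GATHER_INFO plugin with a 1800 s timeout.
  base = http_send_recv3(method: "GET", port: port, item: base_path);
  if (isnull(base) || is_server_error(res: base))
    continue;

  # Probe: pass a `this` parameter in the query string. The plugin's premise
  # (see the solution text in the description block) is that code which
  # dumps request parameters into the variable scope fails on this name.
  # A match is a lead for manual review, not proof of that construct.
  res = http_send_recv3(method: "GET", port: port, item: path);
  if (isnull(res))
    continue;

  if (is_server_error(res: res))
  {
    found_list[found_ctr] = path;
    found_ctr++;
  }
}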
if(found_ctr > 0)
{
report = NULL;
if (report_verbosity > 0)
{
report += '\nNessus was able to detect a suspicious behavior by the following paths:\n';
report += '\n';
for (i = 0; i