The attached script (uddi.nasl) finds UDDI-friendly servers (tested on
.NET).  The uddi.inc file has the function which creates the XML envelope,
body, and message...

--
John W. Lampe
https://f00dikator.hn.org

#
# Copyright 2002 by John [EMAIL PROTECTED]
#
# See the Nessus Scripts License for details
#
#

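if(description)
{
    # Registration block: runs only when the scanner loads the plugin to
    # collect its metadata, then exits before any network traffic is sent.

    # NOTE(review): script_id() has no argument in the posted script,
    # presumably because no plugin ID had been assigned yet. Fill in the
    # assigned ID before deploying; do not invent one.
    script_id();
    script_version ("$Revision: 0.1 $");

    name["english"] = "UDDI detection";
    script_name(english:name["english"]);

    # The archived mail wrapped this text and the copyright string mid-line;
    # both are rejoined here so the report does not carry stray line breaks.
    desc["english"] = "
    The tested Web server seems to be friendly to UDDI requests.  The server could be potentially offering web services
    under some other directory (we only tested the web root directory)

    Risk factor : Medium/Low";
    script_description(english:desc["english"]);

    summary["english"] = "Find UDDI";
    script_summary(english:summary["english"]);

    # Information gathering only: the check sends two UDDI inquiry messages.
    script_category(ACT_GATHER_INFO);
    script_copyright(english:"This script is Copyright (C) 2002 John [EMAIL PROTECTED]");

    family["english"] = "General";
    script_family(english:family["english"]);

    # Run after service detection and only against hosts with a web port, so
    # the probe is not sent to hosts that have no HTTP listener.
    script_dependencie("find_service.nes");
    script_require_ports("Services/www", 80);
    exit(0);
}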

#
# The script code starts here
#




include("uddi.inc");

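# UDDI detection in two steps:
#   1. send a find_business inquiry to the web root and look for a
#      serviceKey in the answer;
#   2. if a key is found, ask for that service's details and check that the
#      same key comes back.
# Everything received from the target is treated as untrusted input.

# Prefer the web port recorded by service detection; fall back to 80, which
# is what the original script hard-coded.
port = get_kb_item("Services/www");
if (!port) port = 80;
if (!get_port_state(port)) exit(0);
mypath = "/";

# --- Step 1: find_business probe -------------------------------------------
mymessage = create_uddi_xml(ktype:"UDDI_QUERY_FBUSINESS", path:mypath, key:"", name:"e");  #loop through ETAOIN?
soc = open_sock_tcp(port);
# Stop here if the connection failed: the original went on to close() an
# invalid socket and to parse a reply that was never set.
if (!soc) exit(0);
send(socket:soc, data:mymessage);
getreply = recv(socket:soc, length:1024);
close(soc);
if (!getreply) exit(0);

# --- Step 2: extract the first serviceKey="..." value ----------------------
mykey = "";
key_ok = 0;
mystr = strstr(getreply, "serviceKey");
if (mystr) {
    flag = 0;      # set once the closing double quote is seen
    bad = 0;       # set when a character outside the UUID alphabet is seen
    maxlen = strlen(mystr);
    # i=12 jumps over servicekey=" . The loop is bounded by the reply length:
    # only 1024 bytes are read, so the closing quote may be missing, and the
    # original loop would then run past the end of the string.
    for (i = 12; (i < maxlen) && (flag < 1) && (bad < 1); i = i + 1) {
        if ( (mystr[i] < "#") && (mystr[i] > "!") ) {     # the '"' character
            flag = flag + 1;
        } else {
            # The key is later embedded in an XML request and compared with
            # the second reply, so accept only UUID characters.
            # NOTE(review): assumes UDDI v1 keys are bare UUIDs; loosen this
            # if a legitimate target uses another key form.
            if (strstr("0123456789abcdefABCDEF-", mystr[i])) {
                mykey = string(mykey, mystr[i]);
            } else {
                bad = 1;
            }
        }
    }
    if ((flag > 0) && (bad < 1) && (strlen(mykey) > 0)) key_ok = 1;
}

# --- Step 3: confirm with get_serviceDetail --------------------------------
if (key_ok) {
    mymessage = create_uddi_xml(ktype:"UDDI_QUERY_GSERVICE_DETAIL", path:mypath, key:mykey);
    soc = open_sock_tcp(port);
    if (soc) {
        send(socket:soc, data:mymessage);
        # Overwrite the first reply only when the second request was really
        # sent; otherwise the stale first reply, which already contains the
        # key, would be reported as a confirmed hit.
        getreply = recv(socket:soc, length:1024);
        close(soc);
        # Literal comparison: the key comes from the server, so it must not
        # be used as a regular expression.
        if (getreply) {
            if (strstr(getreply, mykey)) {
                mywarning = string("The server is accepting UDDI queries.  This indicates");
                mywarning = string(mywarning, " that the server is offering web services");
                security_warning(port:port, data:mywarning);
                exit(0);
            }
        }
    }
}

# --- Fallback: low-confidence finding --------------------------------------
# A "200 OK" anywhere in the reply only shows that the server answered the
# POST successfully; a web server that returns 200 for any POST to "/" will
# match too, so treat this result as a lead to verify, not as confirmation.
if (egrep(pattern: ".*200 OK.*", string:getreply)) {
    mywarning = string("The server seems to accept UDDI queries.  This could indicate");
    mywarning = string(mywarning, " that the server is offering web services");
    security_warning(port:port, data:mywarning);
}
exit(0);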

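#
# create_uddi_xml: build a complete HTTP/1.0 POST request carrying a UDDI
# (generic 1.0) inquiry wrapped in a SOAP envelope.
#
#   ktype : "UDDI_QUERY_FBUSINESS"       -> find_business, uses name
#           "UDDI_QUERY_FSERVICE"        -> find_service, uses key as
#                                           businessKey and name
#           "UDDI_QUERY_GSERVICE_DETAIL" -> get_serviceDetail, uses key
#   path  : request path placed on the POST line
#   key   : business or service key, depending on ktype
#   name  : name to search for
#
# Returns the request as one string (headers, blank line, XML body).
#
# key and name are inserted into the XML without escaping. A caller that
# takes them from a server reply must check them first, so that markup
# characters in a reply cannot change the structure of the request.
#
function create_uddi_xml (ktype,path,key,name) {
    envelope_header = string("<?xml version='1.0' encoding='UTF-8'?> <s:Envelope",
                             " xmlns:s='http://schemas.xmlsoap.org/soap/envelope/'><s:Body>");
    close_envelope = string("</s:Body></s:Envelope>");

    # An unrecognised ktype leaves the SOAP body empty instead of relying on
    # an unset variable, which is what the original did implicitly.
    method = "";

    if (ktype == "UDDI_QUERY_FBUSINESS") {
        method = string("<find_business generic='1.0' xmlns='urn:uddi-org:api'>",
                        "<name>", name, "</name></find_business>");
    }
    if (ktype == "UDDI_QUERY_FSERVICE") {
        method = string("<find_service generic='1.0' xmlns='urn:uddi-org:api' businessKey='", key, "'>",
                        "<name>", name, "</name></find_service>");
    }
    if (ktype == "UDDI_QUERY_GSERVICE_DETAIL") {
        method = string("<get_serviceDetail generic='1.0' xmlns='urn:uddi-org:api'>",
                        "<serviceKey>", key, "</serviceKey></get_serviceDetail>");
    }

    xml = string(envelope_header, method, close_envelope);
    # Content-Length is taken from the finished body so the two always agree.
    len = strlen(xml);

    finished_message =  string("POST ", path,  " HTTP/1.0\r\n");
    finished_message =  string(finished_message, "Accept: text/xml\r\n");
    finished_message =  string(finished_message, "Accept: multipart/*\r\n");
    finished_message =  string(finished_message, "Host: ", get_host_ip(), "\r\n");
    finished_message =  string(finished_message, "User-Agent: NESSUS::SOAP\r\n");
    finished_message =  string(finished_message, "Content-Length: ", len, "\r\n");
    # Kept on one line: the archived listing wrapped this header inside the
    # string, which would put a bare line break in the middle of the header.
    finished_message =  string(finished_message, "Content-Type: text/xml; charset=utf-8\r\n");
    finished_message =  string(finished_message, "SOAPAction: ''\r\n\r\n", xml);
    return(finished_message);
}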

