Dear All,

Please find attached 2 patches for the Nessus plugins. I've found these scripts to be inaccurate when tested against a system, and have tried to make some improvements to the scripts, which I would like to submit.

----------------------------------------------
iis_anything_idq.nasl.patch (script_id 10492):

The script consists of 2 tests, one with anything.idq and one with anything.ida. The first test succeeds, but with anything.ida the test failed when the string "<HTML>The IDQ file D:\Inetpub\wwwroot\anything.ida could not be found." was returned, because the return string is not converted to lower case prior to the verification. It is correctly done when testing using the anything.idq page.
Therefore, I've added a line to convert


str = egrep( pattern:"^<HTML>", string:r ) - "<HTML>"; + str = tolower(str); if ( egrep(pattern:"[a-z]\:\\.*anything", string:str) ) security_warning( port:port ); } ----------------------------------------------- mysql_unpassworded.nasl.patch (script_id 10481)
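Review bot: on the iis_anything_idq.nasl.patch hunk above, the added `str = tolower(str);` only lowercases the string after `egrep( pattern:"^<HTML>", string:r ) - "<HTML>"` has already run case-sensitively, so a server that answers with `<html>` or a mixed-case tag leaves str empty and the new lowercase check never sees the path; lowering `r` before that first egrep (or, where egrep's icase argument is available, passing it to both calls) would make the .ida test behave the way the message says the .idq test already does. The hunk also arrived without a file header or `@@` context line, so it is worth resending as a unified diff so the maintainers can see which line of 10492 it applies to.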

(note: patch is against v 1.21, i just noticed that we are at 1.22 now)

The script connects to the MySQL database using root and an empty password.
On a system I recently verified, I knew this vulnerability was present, however, when tested using Nessus, the vuln did not get reported.

Analyzing the TCP trace, we saw that the connection was successful, but the script stopped after receiving the login response.
It seems the script is verifying the login attempt against the following raw string:

expect = raw_string(0x03, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00);

Our system returned a correct login, but still, the returned string was somewhat different.

I think it would be better only to verify the return code from MySQL, rather than the complete response, which is the improvement in the script.
The same technique is used in the following script:

http://cvsweb.nessus.org/cgi-bin/cvsweb.cgi/~checkout~/nessus-plugins/scripts/mysql_auth_bypass_zeropass.nasl?content-type=text/plain

I only had the chance to test it against 1 mysql instance for the moment, so regression tests may be advisable here.

-------------------------------------------------

Please let me know what you think about these improvements.

Also, is this the proper way to submit patches?

Thank you.

Kind regards,
Kristof Meirlaen

Attachment: iis_anything_idq.nasl.patch
Description: Binary data


Attachment: mysql_unpassworded.nasl.patch
Description: Binary data
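The check proposed in the message above (classify the MySQL login reply by its return code rather than comparing the whole reply against one fixed byte string), as an added example in Python that is not part of the original message, of the Nessus plugin, or of the attached patch. The packet layout follows the MySQL client/server protocol (3-byte little-endian length, 1-byte sequence id, then a payload whose first byte is 0x00 for OK and 0xff for ERR); the three sample replies are constructed for illustration, and the 4.1-style OK packet shows why the old 7-byte comparison misses a successful login on newer servers.

```python
# Classify a MySQL login response by its header and first payload byte,
# instead of comparing the whole reply to a single fixed byte string.
# Added example, not code from the Nessus plugin or the patch; the sample
# packets below are constructed for illustration.

OK_MARKER = 0x00
ERR_MARKER = 0xFF


def parse_packet(data: bytes):
    """Split one MySQL protocol packet into (payload_length, sequence_id, payload).

    Header: 3-byte little-endian payload length followed by a 1-byte sequence id.
    Raises ValueError on a short or truncated packet rather than mis-classifying it.
    """
    if len(data) < 4:
        raise ValueError("short packet: need at least a 4-byte header")
    length = int.from_bytes(data[0:3], "little")
    seq = data[3]
    payload = data[4:4 + length]
    if len(payload) < length:
        raise ValueError(
            "truncated packet: header announces %d payload bytes, got %d"
            % (length, len(payload))
        )
    return length, seq, payload


def classify_login_response(data: bytes) -> str:
    """Return 'ok', 'error' or 'unknown' for the server's reply to the auth packet.

    Only the first payload byte is examined, so OK packets of different lengths
    (old 3.x style, or 4.1 style with status flags and warning count) all count.
    """
    length, _seq, payload = parse_packet(data)
    if length == 0:
        return "unknown"
    marker = payload[0]
    if marker == OK_MARKER:
        return "ok"
    if marker == ERR_MARKER:
        return "error"
    return "unknown"


def error_details(data: bytes):
    """For an ERR packet return (error_code, message); None for anything else."""
    _length, _seq, payload = parse_packet(data)
    if not payload or payload[0] != ERR_MARKER:
        return None
    code = int.from_bytes(payload[1:3], "little")
    msg = payload[3:]
    # 4.1+ servers prefix the message with '#' and a 5-character SQL state.
    if msg[:1] == b"#":
        msg = msg[6:]
    return code, msg.decode("latin-1", "replace")


def strict_match(data: bytes) -> bool:
    """The old plugin's check: the whole reply must equal one fixed byte string."""
    return data == OLD_OK


# Constructed sample replies (sequence id 2: greeting was 0, client auth was 1).
# Exactly the 3.x-style OK the old plugin expected: affected rows 0, insert id 0.
OLD_OK = bytes([0x03, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00])
# A 4.1-style OK: same leading bytes, then status flags (autocommit) and warnings.
NEW_OK = bytes([0x07, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00])
# An ERR packet: 0xff, error code 1045, SQL state, then the message text.
_ERR_PAYLOAD = (
    b"\xff"
    + (1045).to_bytes(2, "little")
    + b"#28000Access denied for user 'root'@'localhost' (using password: NO)"
)
ACCESS_DENIED = len(_ERR_PAYLOAD).to_bytes(3, "little") + b"\x02" + _ERR_PAYLOAD


if __name__ == "__main__":
    for name, pkt in (("OLD_OK", OLD_OK), ("NEW_OK", NEW_OK), ("ACCESS_DENIED", ACCESS_DENIED)):
        print(name, "strict:", strict_match(pkt), "by code:", classify_login_response(pkt))
    print("error details:", error_details(ACCESS_DENIED))
```

Running the block shows the difference the message describes: the strict comparison accepts only OLD_OK, while the return-code check reports both OK variants as a successful login and the ERR packet as a refusal, which is the behaviour a plugin testing for an unpassworded root account needs.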

_______________________________________________
Nessus mailing list
[EMAIL PROTECTED]
http://mail.nessus.org/mailman/listinfo/nessus
