Changeset 155


Ignore:
Timestamp:
08/13/2009 09:43:24 PM (4 years ago)
Author:
deity
Message:

More changes to nfetch

File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/plugins/nikto_httpoptions.plugin

    r152 r155  
    4343{ 
    4444   my ($mark) = @_; 
     45   my %headers; 
    4546   # test for both OPTIONS / and OPTIONS * as they may give different results 
    46    (my $RES, $CONTENT) = fetch("*", "OPTIONS"); 
    47    my $aoptions = "$result{allow}, "; 
    48    my $poptions = "$result{public}, "; 
     47   (my $res, $content) = nfetch($mark,"*", "OPTIONS", "", \%headers); 
     48   my $aoptions = "$headers{allow}, "; 
     49   my $poptions = "$headers{public}, "; 
    4950   my ($allow_methods, $public_methods, $txt); 
    5051   my $dbarray; 
     
    5253   $dbarray=initialise_db("db_httpoptions"); 
    5354 
    54    ($RES, $CONTENT) = fetch("/", "OPTIONS"); 
    55    $aoptions .= $result{allow}; 
    56    $poptions .= $result{public}; 
     55   ($res, $content) = nfetch($mark,"/", "OPTIONS", "", \%headers); 
     56   $aoptions .= $headers{allow}; 
     57   $poptions .= $headers{public}; 
    5758 
    5859   foreach my $o (split(/,[ ]?/, $aoptions)) { $allow_methods .= ", $o" unless ($allow_methods =~ /\b$o\b/ || $o eq ''); } 
     
    7980   # IIS Debug 
    8081 
    81    ($RES, $CONTENT) = nfetch($mark,"/","DEBUG",); 
    82    if ($RES == 200)  
     82   ($res, $content) = nfetch($mark,"/","DEBUG",); 
     83   if ($res == 200)  
    8384   { 
    8485      add_vulnerability($mark,"DEBUG HTTP verb may show server debugging information",999972,0,"DEBUG"); 
     
    8990      "Content-Length" => "0", 
    9091   ); 
    91    ($RES, $CONTENT) = nfetch($mark,"/","PROPFIND","",\%headers,1); 
    92    if ($RES == 207) 
     92   ($res, $content) = nfetch($mark,"/","PROPFIND","",\%headers,1); 
     93   if ($res == 207) 
    9394   { 
    94       if ($CONTENT =~ "<a:href>http://") 
     95      if ($content =~ "<a:href>http://") 
    9596      { 
    96          my $ipfound=$CONTENT; 
     97         my $ipfound=$content; 
    9798         $ipfound =~ s/^.*<a:href>//g; 
    9899         $ipfound =~ s/<\/a:href>.*$//g; 
     
    111112      { 
    112113         $request{whisker}{version} = $version;  
    113          ($RES, $CONTENT) = nfetch($mark,"/","$method","",\%headers); 
    114          if ($RES == 200) 
     114         ($res, $content) = nfetch($mark,"/","$method","",\%headers); 
     115         if ($res == 200) 
    115116         { 
    116             if ($CONTENT =~ "Nikto") 
     117            if ($content =~ "Nikto") 
    117118            { 
    118119               add_vulnerability($mark,"HTTP $method method is active, suggesting the host is vulnerable to XST",999971,877); 
Note: See TracChangeset for help on using the changeset viewer.