Changeset 403

Timestamp:

05/04/2010 09:06:26 PM (3 years ago)

Author:

sullo

Message:

Fix for false positives when response is a redirect. A bit of fallout from getting rid of
some global variables, using %mark and not %response.

Location:

trunk/plugins

Files:

• nikto_core.plugin (modified) (2 diffs)
• nikto_robots.plugin (modified) (1 diff)
• nikto_tests.plugin (modified) (1 diff)

trunk/plugins/nikto_core.plugin

@@ -55 +55 @@
 ###############################################################################
 sub is_404 {
-    my ($uri, $content, $rescode) = @_;
+    my ($uri, $content, $rescode, $loc_header) = @_;
     $ext = get_ext($uri);
 
@@ -62 +62 @@
     }
     elsif ($FoF{$ext}{'mode'} eq "REDIR") {
-        if ($result{'location'} eq $FoF{$ext}{'location'}) {
+        if ($loc_header eq $FoF{$ext}{'location'}) {
             return 1;
         }

trunk/plugins/nikto_robots.plugin

@@ -37 +37 @@
 sub nikto_robots {
     my ($mark) = @_;
-    (my $RES, $CONTENT) = nfetch($mark, "/robots.txt", "GET", "", "", "", "robots");
+    my %headers;
+    (my $RES, $CONTENT) = nfetch($mark, "/robots.txt", "GET", "", \%headers, "", "robots");
 
-    if (($RES eq 200) || ($RES eq $FoF{'okay'}{'response'}))    # got one!
+    if (($RES eq 200) || ($RES eq $FoF{'okay'}{'response'}))
     {
-        if (is_404("robots.txt", $CONTENT, $RES)) { return; }
+        if (is_404("robots.txt", $CONTENT, $RES, $headers{'location'})) { return; }
 
         my ($DIRS, $RFILES) = "";

trunk/plugins/nikto_tests.plugin

@@ -137 +137 @@
                 # lastly check for a false positive based on file extension or type
                 if (($m1_method eq "code") || ($m1o_method eq "code")) {
-                    if (is_404($uri, $content, $res)) { next; }
+                    if (is_404($uri, $content, $res, $headers{'location'})) { next; }
                 }