Changeset 75
- Timestamp:
- 09/16/2008 08:52:10 AM (5 years ago)
- Location:
- trunk
- Files:
-
- 4 edited
-
docs/CHANGES.txt (modified) (1 diff)
-
nikto.pl (modified) (1 diff)
-
plugins/nikto_core.plugin (modified) (3 diffs)
-
plugins/nikto_httpoptions.plugin (modified) (1 diff)
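--- a/trunk/docs/CHANGES.txt
+++ b/trunk/docs/CHANGES.txt
@@ -1,2 +1,6 @@
+2008-09-16 plugins/nikto_core.plugin plugins/nikto_httpoptions.plugin
+- Fix for ticket #37
+- Allow fetch to optionally call LW2::http_fixup_request
+- Better handling of extra headers within fetch
 2008-09-14 plugins/db_server_msgs plugins/nikto_*.plugin
 - Update server messages to dynamic database format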
trunk/nikto.pl
r74 r75 163 163 } 164 164 165 nprint("+ %COUNTERS{host_total} host(s) tested");165 nprint("+ $COUNTERS{hosts_total} host(s) tested"); 166 166 send_updates(); 167 167 close_output(); -
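--- a/trunk/plugins/nikto_core.plugin
+++ b/trunk/plugins/nikto_core.plugin
@@ -1878,4 +1878,5 @@
 delete $request{'Content-Encoding'};
 delete $request{'Content-Length'};
+my $header_hash=$_[3];
 
 if ($_[2] ne "")
@@ -1889,14 +1890,12 @@
 if (defined $_[3])
 {
-# define temporary hash due to more perl stupidity
-my $header_hash=$_[3];
 # loop through the hash ref passed and add each header to request
 while (my($key, $value) = each(%$header_hash))
 {
-$request{ 'whisker'}->{$key}=$value;
+$request{$key}=$value;
 }
 }
 $NIKTO{totalrequests}++;
-LW2::http_fixup_request(\%request);
+unless ($_[4]) { LW2::http_fixup_request(\%request); }
 LW2::http_do_request_timeout(\%request,\%result);
 dump_var("Request Hash", \%request);
@@ -1911,4 +1910,12 @@
 }
 
+# Clean up extra headers
+if (defined $_[3])
+{
+while (my($key, $value) = each(%$header_hash))
+{
+delete $request{$key};
+}
+}
 return $result{'whisker'}->{'code'}, $result{'whisker'}->{'data'};
 }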
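Review bot: The cleanup loop added before the `return` deletes every caller-supplied key from `%request` instead of restoring the value that was there before the overlay, so a caller that overrides a header the request already carries (the new PROPFIND check passes `Host` and `Content-Length`) leaves the hash without it for later fetches, assuming `%request` persists between calls as the cleanup itself implies. Both loops also accept a key named `whisker`, which would replace and then delete the LW2 control sub-hash that the `return` line reads from. Saving the previous values before the overlay and putting them back afterwards covers both cases. The start of the function and the lines between the hunks are not shown, so it is worth confirming that no path returns before the cleanup runs.

```perl
# … unchanged: request setup, method and data handling …
my %saved_headers;
if (defined $header_hash)
{
    foreach my $key (keys %$header_hash)
    {
        next if $key eq 'whisker';    # a header must never replace LW2's control hash
        $saved_headers{$key} = $request{$key} if exists $request{$key};
        $request{$key} = $header_hash->{$key};
    }
}
# … unchanged: request counter, optional fixup, http_do_request_timeout …
if (defined $header_hash)
{
    foreach my $key (keys %$header_hash)
    {
        next if $key eq 'whisker';
        if (exists $saved_headers{$key}) { $request{$key} = $saved_headers{$key}; }
        else                             { delete $request{$key}; }
    }
}
```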
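--- a/trunk/plugins/nikto_httpoptions.plugin
+++ b/trunk/plugins/nikto_httpoptions.plugin
@@ -62,4 +62,22 @@
 foreach my $m (split /,? /, $public_methods) { eval_methods($m, "Public", $dbarray); }
 }
+
+# Check for other weirdness
+# IIS PROPFIND HEADER
+my %headers=(
+"Host" => "",
+"Content-Length" => "0",
+);
+($RES, $CONTENT) = fetch("/","PROPFIND","",\%headers,1);
+if ($RES == 207)
+{
+if ($CONTENT =~ "<a:href>http://")
+{
+my $ipfound=$CONTENT;
+$ipfound =~ s/^.*<a:href>//g;
+$ipfound =~ s/<\/a:href>.*$//g;
+add_vulnerability($CURRENT_HOST_ID,"PROPFIND may show the server's internal IP address: $ipfound",999973,13431);
+}
+}
 
 # Now release memory for the dbarray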
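Review bot: The two substitutions that build `$ipfound` use `.` without `/s`, so on a multi-line 207 body they can fail to match and leave most of the server-controlled response in the string handed to `add_vulnerability`. Capturing the host directly bounds what reaches the finding text, for example `if ($CONTENT =~ m{<a:href>http://([^/<\s]+)}) { my $ipfound=$1; ... }`. As written the check also fires on any absolute `http://` href, including one that simply echoes a public hostname, so reporting only when the captured host is an address different from the scanned target would cut false positives. The enclosing sub begins and ends outside the hunk.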