Hi,
I've attached a patch to plugin 11359 (UploadLite cgi) to report where
upload.cgi was found. The new version also continues searching all of
the script directories for when the CGI is accessible in multiple locations.
The check for "PerlScriptsJavascript.com" in the HTTP response could
possibly be improved too, as other scripts may include this text. I
didn't change this because the plugin correctly detects Upload Lite, and
I haven't seen any false positives on other scripts. Here is an extract
from the CGI:
# Upload Lite.
# ?2002, PerlscriptsJavaScript.com
#
# Requirements: Perl5 WINDOWS NT or UNIX
# Created: Febuary , 2001
# Author: John Krinelos
#
# Version: 3.22
Regards
--
Simon Ward
Operations Security Specialist, Westpoint Ltd
Albion Wharf, 19 Albion Street, Manchester M1 5LN, United Kingdom
Web: www.westpoint.ltd.uk
Tel: +44-161-2371028
I've attached a patch to plugin 11359 (UploadLite cgi) to report where
upload.cgi was found. The new version also continues searching all of
the script directories for when the CGI is accessible in multiple locations.
The check for "PerlScriptsJavascript.com" in the HTTP response could
possibly be improved too, as other scripts may include this text. I
didn't change this because the plugin correctly detects Upload Lite, and
I haven't seen any false positives on other scripts. Here is an extract
from the CGI:
# Upload Lite.
# ?2002, PerlscriptsJavaScript.com
#
# Requirements: Perl5 WINDOWS NT or UNIX
# Created: Febuary , 2001
# Author: John Krinelos
#
# Version: 3.22
Regards
--
Simon Ward
Operations Security Specialist, Westpoint Ltd
Albion Wharf, 19 Albion Street, Manchester M1 5LN, United Kingdom
Web: www.westpoint.ltd.uk
Tel: +44-161-2371028
Attached Files:
-
upload_lite_cgi_nasl_showpaths.patch (1.01 KB)