猜解默认数据库和 conn.asp 暴库的 NASL 脚本

文章作者：zhouzhen [E.S.T]
信息来源：邪恶八进制安全小组

呵呵，脚本语言发挥起来也是很强大的。 ：）



Code:

include("http_func.inc");
include("http_keepalive.inc");

dir = make_list("/data/database.mdb", "/data/data.mdb", "/data/date.mdb", "/data/bbs.mdb", "/data/dvbbs7.mdb", "/data.mdb", "/database.mdb");
#display(dir);

foreach path (dir)
{
 if (port = is_cgi_installed(path))
 {
 #display(path);
 report = "\nUnder the cgi path " + path + " found database!\nYour database is possiblly to be download!\n\n";
 solution = "Solution : you 'd better rename the database name, or move the database to other cgis\n";
 Risk_factor = "Risk factor: High ";
 report = report + solution + Risk_factor;
 security_hole(data:string(report), port:port);
 
 }
 
 }
 
 # conn.asp
 
 port = get_http_port(default:80);

if(!get_port_state(port))exit(0);
 
 dirs = make_list("/conn.inc", "/conn.asp", "/connection.asp", "/inc/conn.inc", "/inc/conn.asp", "/inc/connection.asp");
 
 foreach paths (dirs)
 {
 req = http_get(item:paths, port:port);
 r = http_keepalive_send_recv(port:port, data:req, bodyonly:1);
 if (r == NULL) exit(0);
 if (egrep(pattern:"80004005", string:r))
 {
     info = ereg_replace(pattern:'.*(\'[^0-9]:.*\').*', string:r, replace:'\\1');
     report = 'The path ' + info + ' maybe is the database physical path!\nYour databae is possiblly to be download!\n';
     Solution = '\nSolution : Please modify the conn.asp file add ON ERROR RESUME NEXT statement.\n' + 'Risk factor : Medium\n';
     report = report + Solution;
     security_hole(data:report, port:port);
     display("\n");
    
 }
 }

代码非常短。