1.19b - New ODBC POI added and Apache config file detection tightened up.

This commit is contained in:
Steve Pinkham 2010-03-24 08:37:50 -04:00
parent 8199ba27af
commit 75e1b5ddd5
4 changed files with 54 additions and 24 deletions


@ -1,8 +1,17 @@
Version 1.19b:
--------------
- New ODBC POI added.
- Apache config file detection tightened up.
Version 1.18b:
--------------
- Fix a potential NULL ptr deref with malformed Set-Cookie.
- Another last-resort HTML detection pattern added.
Version 1.17b:
--------------
@ -13,14 +22,15 @@ Version 1.16b:
- Fixed a typo introduced in 1.16 to index.html (d'oh).
- Further refinements to Makefile CFLAGS / LIBS / LDFLAGS.
- Further refinements to Makefile CFLAGS / LIBS / LDFLAGS to keep
package maintainers happy.
Version 1.15b:
--------------
- Better documentation of why certain issues are not reported by skipfish.
- Better documentation on why certain issues are not reported by skipfish.
- Another minor tweak to path mapping detection logic.
- Another minor tweak to improve path mapping detection logic.
Version 1.14b:
--------------
@ -28,18 +38,19 @@ Version 1.14b:
- Several new wordlist entries, courtesy of Glastopf Honeypot:
http://glastopf.org/index.php
- A tweak to path mapping detection logic to detect certain path mappings.
- A tweak to path mapping detection logic to detect certain path mappings
that may result in crawl loops.
- Makefile now honors external LDFLAGS, CFLAGS.
- Some more documentation tweaks.
- Some more documentation tweaks and rewrites.
- PUT detection logic.
- PUT detection logic added.
Version 1.13b:
--------------
- Improved password, file form detection.
- Improved password, file form detection slightly.
Version 1.12b:
--------------
@ -51,27 +62,27 @@ Version 1.12b:
Version 1.11b:
--------------
- SIGWINCH support: you can now resize your window while scanning.
- SIGWINCH support: you can now cleanly resize your window while scanning.
- Typo in report category name fixed.
- Terminal color fix for non-standard themes.
- Terminal color fix (for users with non-standard color themes).
- Fixed icons license (GPL -> LGPL).
- Corrected icons license (GPL -> LGPL).
- Fixed a typo in -b ffox headers.
- Fixed a potential NULL pointer crash in form parsing.
- Fixed a potential NULL ptr deref when doing form parsing.
Version 1.10b:
--------------
- Fix to extensions-only.wl.
- Fix to extensions-only.wl (some bad keywords removed).
Version 1.09b:
--------------
- Fix for a potential NULL pointer crash in probabilistic scan mode (<100%).
- Fix for a potential NULL ptr deref in probabilistic scan mode (<100%).
Version 1.08b:
--------------
@ -81,30 +92,31 @@ Version 1.08b:
Version 1.07b:
--------------
- Several build fixes for FreeBSD, MacOS X.
- Several build fixes for FreeBSD, MacOS X (-I, -L paths).
Version 1.06b:
--------------
- Minor documentation updates.
- Minor documentation updates, typos fixed, etc.
Version 1.05b:
--------------
- Another workaround for FORTIFY_SOURCE on MacOS X.
- A more robust workaround for FORTIFY_SOURCE (MacOS X).
Version 1.04b:
--------------
- Workaround for *BSD systems with malloc J or Z options set
by default.
- Workaround for *BSD systems with malloc J or Z options set by default
(0x5a5a5a5a deref after realloc()).
- A minor tweak to reject certain not-quite-URLs extracted from JS.
Version 1.01b:
--------------
- Workaround for a glitch in FORTIFY_SOURCE on Linux.
- Workaround for a glitch in FORTIFY_SOURCE on Linux (causing crash
on startup).
Version 1.00b:
--------------


@ -2243,6 +2243,12 @@ static void check_for_stuff(struct http_request* req,
return;
}
if (inl_strcasestr(res->payload, (u8*)";database=") &&
inl_strcasestr(res->payload, (u8*)";pwd=")) {
problem(PROB_FILE_POI, req, res, (u8*)"ODBC connect string", req->pivot, 0);
return;
}
if (strstr((char*)sniffbuf, "<cross-domain-policy>")) {
problem(PROB_FILE_POI, req, res, (u8*)
"Flash cross-domain policy", req->pivot, 0);
@ -2256,9 +2262,21 @@ static void check_for_stuff(struct http_request* req,
}
if (inl_strcasestr(sniffbuf, (u8*)"\nAuthType ") ||
inl_strcasestr(sniffbuf, (u8*)"\nOptions ") ||
(inl_strcasestr(sniffbuf, (u8*)"\nOptions ") && (
inl_strcasestr(sniffbuf, (u8*)"\nOptions +") ||
inl_strcasestr(sniffbuf, (u8*)"\nOptions -") ||
inl_strcasestr(sniffbuf, (u8*)"\nOptions All") ||
inl_strcasestr(sniffbuf, (u8*)"\nOptions Exec") ||
inl_strcasestr(sniffbuf, (u8*)"\nOptions Follow") ||
inl_strcasestr(sniffbuf, (u8*)"\nOptions In") ||
inl_strcasestr(sniffbuf, (u8*)"\nOptions Mult") ||
inl_strcasestr(sniffbuf, (u8*)"\nOptions Sym"))) ||
inl_strcasestr(sniffbuf, (u8*)"\n<Directory ") ||
inl_strcasestr(sniffbuf, (u8*)"\nRequire ")) {
(inl_strcasestr(sniffbuf, (u8*)"\nRequire ") && (
inl_strcasestr(sniffbuf, (u8*)"\nRequire valid") ||
inl_strcasestr(sniffbuf, (u8*)"\nRequire user") ||
inl_strcasestr(sniffbuf, (u8*)"\nRequire group") ||
inl_strcasestr(sniffbuf, (u8*)"\nRequire file")))) {
problem(PROB_FILE_POI, req, res, (u8*)"Apache config file", req->pivot, 0);
return;
}
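Review bot: The tightened `Options` list in the second hunk never matches `Options None`, which is a legitimate Apache directive, so a config whose only `Options` line uses it is no longer reported by this branch; adding `inl_strcasestr(sniffbuf, (u8*)"\nOptions None") ||` to the inner group would close that gap. Every pattern also anchors on a newline immediately followed by the directive, so directives indented inside a `<Directory>` block are invisible to both the `Options` and the `Require` test (the `<Directory ` test itself still fires); if that is intended, a comment such as `/* newline-anchored: indented directives are deliberately not matched */` would make it explicit. The outer `"\nOptions "` and `"\nRequire "` tests are implied by each of their inner patterns and only act as a cheap pre-check, which a one-line comment should say so a later reader does not treat them as a bug. check_for_stuff begins before the first hunk and continues after the second.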


@ -23,7 +23,7 @@
#ifndef _HAVE_CONFIG_H
#define _HAVE_CONFIG_H
#define VERSION "1.18b"
#define VERSION "1.19b"
#define USE_COLOR 1 /* Use terminal colors */


@ -1383,7 +1383,7 @@ u8 parse_response(struct http_request* req, struct http_response* res,
if (!cval) { cval = val; val = 0; }
SET_CK(val, cval, &res->hdr);
if (cval) SET_CK(val, cval, &res->hdr);
if (val) {
@ -1400,7 +1400,7 @@ u8 parse_response(struct http_request* req, struct http_response* res,
/* Set cookie globally, but ignore obvious attempts to delete
existing ones. */
if (!ignore_cookies && cval[0])
if (!ignore_cookies && val && cval[0])
SET_CK(val, cval, &global_http_par);
}
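Review bot: In the first hunk the new guard tests `cval`, but the variable that the preceding line sets to NULL when the header carries no `=` is `val`, so `SET_CK(val, cval, &res->hdr)` is now reached with a NULL name for a `Set-Cookie:` line without `=`; whether SET_CK tolerates a NULL first argument is not visible here, so either document it, e.g. `/* val is NULL for a Set-Cookie without '='; SET_CK must accept a NULL name */`, or guard on `val && cval` if it does not. The second hunk adds exactly such a `val &&` check before the global SET_CK, so the two guards are inconsistent with each other; if that block sits inside the `if (val) {` that follows the first hunk, the added check is also redundant. parse_response starts before the first hunk and continues past the second.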