1.13b - Improved password, file form detection.
This commit is contained in:
parent
e29db14ace
commit
cb51cd8988
|
@ -1,3 +1,8 @@
|
|||
Version 1.13b:
|
||||
--------------
|
||||
|
||||
- Improved password, file form detection.
|
||||
|
||||
Version 1.12b:
|
||||
--------------
|
||||
|
||||
|
|
13
README
13
README
|
@ -156,8 +156,9 @@ A rough list of the security checks offered by the tool is outlined below.
|
|||
- All external URL redirectors (optional).
|
||||
- Links to unknown protocols.
|
||||
- Form fields that could not be autocompleted.
|
||||
- All HTML forms detected.
|
||||
- Password entry forms (for external brute-force).
|
||||
- File upload forms.
|
||||
- All other HTML forms detected.
|
||||
- Numerical file names (for external brute-force).
|
||||
- User-supplied links otherwise rendered on a page.
|
||||
- Incorrect or missing MIME type on less significant content.
|
||||
|
@ -443,7 +444,9 @@ improve the tool by contributing code in one of these areas, please let me know:
|
|||
|
||||
* Search engine integration (vhosts, starting paths).
|
||||
|
||||
* VIEWSTATE decoding.
|
||||
* More specific PHP tests (eval injection, RFI).
|
||||
|
||||
* VIEWSTATE decoding.
|
||||
|
||||
* NTLM and digest authentication.
|
||||
|
||||
|
@ -451,12 +454,16 @@ improve the tool by contributing code in one of these areas, please let me know:
|
|||
currently employed by skipfish; but in the long run, should be provided as
|
||||
a last-resort option.
|
||||
|
||||
* Scan resume option.
|
||||
* Scan resume option.
|
||||
|
||||
* Option to limit document sampling or save samples directly to disk.
|
||||
|
||||
* Standalone installation (make install) support.
|
||||
|
||||
* Config file support.
|
||||
|
||||
* A database for banner / version checks?
|
||||
|
||||
-------------------------------------
|
||||
8. Oy! Something went horribly wrong!
|
||||
-------------------------------------
|
||||
|
|
19
analysis.c
19
analysis.c
|
@ -448,7 +448,7 @@ static void collect_form_data(struct http_request* req,
|
|||
struct http_response* orig_res,
|
||||
u8* cur_str, u8 is_post) {
|
||||
|
||||
u8 has_xsrf = 0, pass_form = 0;
|
||||
u8 has_xsrf = 0, pass_form = 0, file_form = 0;
|
||||
u32 tag_cnt = 0;
|
||||
|
||||
DEBUG("* collect_form_data() entered\n");
|
||||
|
@ -550,7 +550,9 @@ static void collect_form_data(struct http_request* req,
|
|||
|
||||
}
|
||||
|
||||
if (inl_strcasestr(tag_name, (u8*) "passw")) pass_form = 1;
|
||||
if (!strcasecmp((char*)tag_type, "password") ||
|
||||
inl_strcasestr(tag_name, (u8*) "passw")) pass_form = 1;
|
||||
else if (!strcasecmp((char*)tag_type, "file")) file_form = 1;
|
||||
|
||||
ck_free(tag_name);
|
||||
ck_free(tag_type);
|
||||
|
@ -577,10 +579,17 @@ final_checks:
|
|||
if (pass_form) {
|
||||
problem(PROB_PASS_FORM, req, orig_res, NULL, req->pivot, 0);
|
||||
} else {
|
||||
if (tag_cnt && !has_xsrf)
|
||||
|
||||
if (tag_cnt && !has_xsrf) {
|
||||
if (file_form)
|
||||
problem(PROB_FILE_FORM, req, orig_res, NULL, req->pivot, 0);
|
||||
problem(PROB_VULN_FORM, req, orig_res, NULL, req->pivot, 0);
|
||||
else
|
||||
problem(PROB_FORM, req, orig_res, NULL, req->pivot, 0);
|
||||
} else {
|
||||
if (file_form)
|
||||
problem(PROB_FILE_FORM, req, orig_res, NULL, req->pivot, 0);
|
||||
else
|
||||
problem(PROB_FORM, req, orig_res, NULL, req->pivot, 0);
|
||||
}
|
||||
}
|
||||
|
||||
}
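Review bot: The new `else if` in the field loop can mislabel an upload field as a password field: the name heuristic `inl_strcasestr(tag_name, (u8*) "passw")` is evaluated in the first condition and the `type=file` test only in the `else` branch, so an `<input type="file" name="password_list">` sets pass_form instead of file_form and the form is reported as PROB_PASS_FORM with the upload never flagged. Testing the exact type first avoids this: `if (!strcasecmp((char*)tag_type, "file")) file_form = 1;` / `else if (!strcasecmp((char*)tag_type, "password") || inl_strcasestr(tag_name, (u8*) "passw")) pass_form = 1;`. Separately, strcasecmp() now dereferences tag_type unconditionally where the old code only looked at tag_name; if an `<input>` with no type attribute can leave tag_type NULL at this point (the hunk does not show how it is populated), that is a NULL dereference on attacker-controlled HTML and needs a guard. In final_checks, a file upload form that lacks an anti-XSRF token is reported as PROB_FILE_FORM rather than PROB_VULN_FORM, so the missing-token signal is dropped for exactly those forms — presumably intentional, but it deserves a comment such as `/* File upload classification takes precedence over the missing-XSRF-token report. */`. collect_form_data() begins and ends outside this hunk.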
|
||||
|
|
|
@ -232,8 +232,9 @@ var issue_desc= {
|
|||
"10503": "All e-mail addresses",
|
||||
"10504": "Links to unknown protocols",
|
||||
"10505": "Unknown form field (can't autocomplete)",
|
||||
"10601": "HTML form found",
|
||||
"10601": "HTML form (not classified otherwise)",
|
||||
"10602": "Password entry form - consider brute-force",
|
||||
"10603": "File upload form",
|
||||
"10701": "User-supplied link rendered on a page",
|
||||
"10801": "Incorrect or missing MIME type (low risk)",
|
||||
"10802": "Generic MIME used (low risk)",
|
||||
|
|
2
config.h
2
config.h
|
@ -23,7 +23,7 @@
|
|||
#ifndef _HAVE_CONFIG_H
|
||||
#define _HAVE_CONFIG_H
|
||||
|
||||
#define VERSION "1.12b"
|
||||
#define VERSION "1.13b"
|
||||
|
||||
#define USE_COLOR 1 /* Use terminal colors */
|
||||
|
||||
|
|
|
@ -202,6 +202,7 @@ u8 is_c_sens(struct pivot_desc* pv);
|
|||
|
||||
#define PROB_FORM 10601 /* XSRF-safe form */
|
||||
#define PROB_PASS_FORM 10602 /* Password form */
|
||||
#define PROB_FILE_FORM 10603 /* File upload form */
|
||||
|
||||
#define PROB_USER_LINK 10701 /* User-supplied A link */
|
||||
|
||||
|
|