API tools faq
paste
Advertisement
MageComp

Magento SUPEE 6788 Check

MageComp
Oct 28th, 2015
315
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
PHP 3.37 KB | None | 0 0
raw download clone embed print report
  1. <?php
  2. // 0.13
  3. //
  4. // PATH TO MAGENTO ROOT
  5. //
  6. $_magentoPath='/home/www/magento/';
  7.  
  8. if (!file_exists($_magentoPath. 'app/Mage.php')) {
  9.     echo 'Magento not found!'. "\n";
  10.     exit;
  11. }
  12.  
  13. // SECURITY PATCHES and APPSECS
  14. //
  15. $_securityPatches=array(
  16.     'SUPEE-6788' => array
  17.     (
  18.         'APPSEC-1034' => array(
  19.             'text' => 'addressing bypassing custom admin URL',
  20.             'exec' => array(
  21.                 'path' => array(
  22.                         $_magentoPath. 'app/code/*'
  23.                     ),
  24.                 'cmd' => 'grep -irl ' ,
  25.                 'query' => array(
  26.                     '"<use>admin</use>"'
  27.                     )
  28.             ),
  29.             'magentopath' => $_magentoPath),
  30.         'APPSEC-1063' => array(
  31.             'text' => 'addressing possible SQL injection',
  32.             'exec' => array(
  33.                 'path' => array(
  34.                         $_magentoPath. 'app/code/community/*',
  35.                         $_magentoPath. 'app/code/local/*'
  36.                     ),
  37.                 'cmd' => 'grep -irl ' ,
  38.                 'query' => array(
  39.                     '"collection->addFieldToFilter(\'"',
  40.                     '"collection->addFieldToFilter(\'\`"',
  41.                 )
  42.             ),
  43.             'magentopath' => $_magentoPath),
  44.         'APPSEC-1057' => array(
  45.             'text' => 'template processing method allows access to private information',
  46.             'exec' => array(
  47.                 'path' => array(
  48.                         $_magentoPath. 'app/code/community/*',
  49.                         $_magentoPath. 'app/code/local/*',
  50.                         $_magentoPath. 'app/locale/*',
  51.                         $_magentoPath. 'app/design/frontend/*'
  52.                     ),
  53.                 'cmd' => 'grep -irl ' ,
  54.                 'query' => array(
  55.                     '"{{config path="',
  56.                     '"{{block type="',
  57.                 )
  58.             ),
  59.             'magentopath' => $_magentoPath)
  60.     )
  61. );
  62.  
  63. // EXEC
  64. //
  65. echo '*** '. "\033[1;32m". 'Magento security file check'. "\033[0m". ' ***'. "\n";
  66. $_count=1;
  67.  
  68. foreach ($_securityPatches as $_patchName => $_securityNotices)
  69. {
  70.     echo $_patchName. "\n";
  71.     $_total=0;
  72.    
  73.     foreach ($_securityNotices as $_appsec => $_securityNotice)
  74.     {
  75.  
  76.         echo '['. $_count++. '] '. $_appsec. ', '. $_securityNotice['text']. "\n";
  77.        
  78.         $_result=doExec($_securityNotice,$_appsec);
  79.         $_total=$_total + $_result['total'];
  80.        
  81.         echo $_result['text']. "\n";
  82.  
  83.     }
  84.    
  85.     echo $_patchName. ' '. ($_total > 0 ? "\033[1;31m". $_total. "\033[0m". ' affected files.' : $_total. ' affected files.'). "\n";
  86. }
  87.  
  88. echo '***********************************'. "\n";
  89. exit;
  90.  
  91.  
  92. function doExec($_securityNotice,$_appsec)
  93. {
  94.     $_text=''; 
  95.     $_exec=$_securityNotice['exec']['cmd'];
  96.     $_total=0;
  97.    
  98.     foreach ($_securityNotice['exec']['path'] as $_searchPath)
  99.     {
  100.         $_text=$_text.'looking in '. $_searchPath. "\n";           
  101.        
  102.         $_count=0;
  103.         $_search='';
  104.            
  105.         foreach ($_securityNotice['exec']['query'] as $_searchQuery)
  106.         {
  107.  
  108.             exec($_exec. $_searchQuery. ' '. $_searchPath, $_output, $_status);
  109.            
  110.             if (1 === $_status)
  111.             {
  112.                
  113.                 $_text=$_text.$_searchQuery. ' not found.'. "\n";
  114.                 continue;
  115.             }
  116.  
  117.             if (0 === $_status)
  118.             {
  119.                 $_count=$_count + count($_output);
  120.                 $_total=$_total + $_count;
  121.                
  122.                 foreach ($_output as $_line)
  123.                 {
  124.                     $_search=$_search.'['. "\033[1;32m".  $_appsec. "\033[0m". '] '. $_searchQuery. ' found in '. "\033[1;31m". str_replace($_securityNotice['magentopath'],' ', $_line). "\033[0m\n";
  125.                 }
  126.                
  127.             } else {
  128.                 $_text=$_text. 'Command '. $_securityNotice['exec']['cmd']. ' failed with status: ' . $_status. "\n";
  129.             }
  130.            
  131.         }
  132.        
  133.         $_text=$_text.($_count > 0 ? "\033[1;31m". $_count. "\033[0m". ' affected files : ' :  "\033[1;32m". $_count. ' affected files.'. "\033[0m"). "\n". $_search. "\n";
  134.     }
  135.    
  136.     return array(
  137.         'text' => $_text,
  138.         'total' => $_total
  139.     );
  140.    
  141. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!