Microsoft SQL Server TCP/IP Listener Product Database Detection

2018-03-19T00:00:00
ID MSSQLSERVER_PRODUCT_DETECT.NASL
Type nessus
Reporter Tenable
Modified 2018-04-03T00:00:00

Description

The remote host is running an MSSQL database with default credentials. It may be possible to determine the product associated with the database based on the default credentials.

                                        
                                            #
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
 script_id(108409);
 script_version("1.2");
 script_cvs_date("Date: 2018/04/03 14:08:32");

 script_name(english:"Microsoft SQL Server TCP/IP Listener Product Database Detection");
 script_summary(english:"A product database was detected via the Microsoft SQL TCP/IP listener.");

 script_set_attribute(attribute:"synopsis", value:
"A database server for a product is listening on the remote port.");
 script_set_attribute(attribute:"description", value:
"The remote host is running an MSSQL database with default credentials.
It may be possible to determine the product associated with the
database based on the default credentials.");
 script_set_attribute(attribute:"risk_factor", value:"None");
 script_set_attribute(attribute:"solution", value:"n/a");

 script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/19");

 script_set_attribute(attribute:"plugin_type", value:"remote");
 script_end_attributes();

 script_category(ACT_GATHER_INFO);
 script_family(english:"Databases");

 script_copyright(english:"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.");

 script_dependencies("mssql_brute_force.nasl");
 script_require_ports("mssql/product_database_port", "Settings/ParanoidReport");

 exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");

if (report_paranoia < 2) audit(AUDIT_PARANOID);

port = get_kb_item_or_exit("mssql/product_database_port");
prod = get_kb_item_or_exit("mssql/"+port+"/database/product");

pos_products = [
  "PC America Restaurant Pro Express / Cash Register Express",
];

foreach pos_product (pos_products)
{
  if (prod == pos_product)
    set_kb_item(name:"PCI/POS/"+port, value:prod);
}

url = get_kb_item("mssql/"+port+"/database/product_link");

report = 
  '\n  Product : ' + prod;

if (!empty_or_null(url))
  report += '\n  URL     : ' + url;

report +=
  '\n';

security_report_v4(severity:SECURITY_NOTE,port:port, extra:report);