{"pluginID": "136141256231016142", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: ilohamail_conf_files_readable.nasl 9348 2018-04-06 07:01:19Z cfischer $\n# Description: IlohaMail Readable Configuration Files\n#\n# Authors:\n# George A. Theall, <theall@tifaware.com>.\n#\n# Copyright:\n# Copyright (C) 2005 George A. Theall\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ntag_summary = \"The target is running at least one instance of IlohaMail that allows\nanyone to retrieve its configuration files over the web. These files\nmay contain sensitive information. For example, conf/conf.inc may\nhold a username / password used for SMTP authentication.\";\n\ntag_solution = \"Upgrade to IlohaMail version 0.8.14-rc2 or later or\nreinstall following the 'Proper Installation' instructions in the\nINSTALL document.\";\n\nif (description) {\n script_oid(\"1.3.6.1.4.1.25623.1.0.16142\");\n script_version(\"$Revision: 9348 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:01:19 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_bugtraq_id(12252);\n\n name = \"IlohaMail Readable Configuration Files\";\n script_name(name);\n \n \n summary = \"Checks for Readable Configuration Files in IlohaMail\";\n \n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"remote_vul\");\n script_copyright(\"This script is Copyright (C) 2005 George A. Theall\");\n\n family = \"Remote file access\";\n script_family(family);\n\n script_dependencies(\"global_settings.nasl\", \"ilohamail_detect.nasl\");\n script_require_ports(\"Services/www\", 80);\n\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\n\nport = get_http_port(default:80);\nif (!get_port_state(port)) exit(0);\ndebug_print(\"searching for readable configuration files in IlohaMail on port \", port, \".\");\n\n# Check each installed instance, stopping if we find a vulnerable version.\ninstalls = get_kb_list(string(\"www/\", port, \"/ilohamail\"));\nif (isnull(installs)) exit(0);\nforeach install (installs) {\n matches = eregmatch(string:install, pattern:\"^(.+) under (/.*)$\");\n if (!isnull(matches)) {\n ver = matches[1];\n dir = matches[2];\n debug_print(\"checking version \", ver, \" under \", dir, \".\");\n\n # If this was a quick & dirty install, try to grab a config file.\n if (dir =~ \"/source$\") {\n dir = ereg_replace(string:dir, pattern:\"/source$\", replace:\"/conf\");\n # nb: conf.inc appears first in 0.7.3; mysqlrc.inc was used\n # as far back as 0.7.0.\n foreach config (make_list(\"conf.inc\", \"mysqlrc.inc\")) {\n url = string(dir, \"/\", config);\n debug_print(\"retrieving \", url, \"...\");\n req = http_get(item:url, port:port);\n res = http_keepalive_send_recv(port:port, data:req);\n if (res == NULL) exit(0); # can't connect\n debug_print(\"res =>>\", res, \"<<.\");\n\n # Does it look like PHP code with variable definitions?\n if (egrep(string:res, pattern:\"<\\?php\") && egrep(string:res, pattern:\"\\$[A-Za-z_]+ *= *.+;\")) {\n# if (egrep(string:res, pattern:\"<\\?php\")) {\n# display(\"It's php code!\\n\");\n# if (egrep(string:res, pattern:\"\\$[A-Za-z_]+ *= *.+;\")) {\n# display(\"It's got variable assignments!\\n\");\n security_message(port:port);\n exit(0);\n#}\n }\n }\n }\n }\n}\n", "history": [], "description": "The target is running at least one instance of IlohaMail that allows\nanyone to retrieve its configuration files over the web. These files\nmay contain sensitive information. For example, conf/conf.inc may\nhold a username / password used for SMTP authentication.", "reporter": "This script is Copyright (C) 2005 George A. Theall", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231016142", "type": "openvas", "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "8cd4821cb504d25572038ed182587d85"}, {"key": "description", "hash": "01d917a9b1098d56b69199e62aec2503"}, {"key": "href", "hash": "f3e2dd645dfb3f06feea5ca47005237e"}, {"key": "modified", "hash": "4fb7fd6149697e74d091717ea3f1ca84"}, {"key": "naslFamily", "hash": "896024d6a85517f1099fb56d90078085"}, {"key": "pluginID", "hash": "ccbd1f00f9e6a2a09079152826b53507"}, {"key": "published", "hash": "df034d9b90ece22f6e868d36506db720"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "b5d1b7a52bc153de0829465be24311ce"}, {"key": "sourceData", "hash": "d54e7f7b3e02b9e63b8cef3a4a021725"}, {"key": "title", "hash": "9c0cfaa8a5a24f95774c7bd2de24cc9a"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}], "viewCount": 0, "references": [], "lastseen": "2018-04-06T11:15:52", "published": "2005-11-03T00:00:00", "naslFamily": "Remote file access", "objectVersion": "1.3", "cvelist": [], "id": "OPENVAS:136141256231016142", "hash": "4296afa67a766570323159bd4c6f2341cf8f1dfb9899e0f29dc5d16c520d77f0", "modified": "2018-04-06T00:00:00", "title": "IlohaMail Readable Configuration Files", "edition": 1, "cvss": {"score": 0.0, "vector": "NONE"}, "bulletinFamily": "scanner", "enchantments": {"vulnersScore": 5.0}}

{"result": {}}