ID OPENVAS:19426 Type openvas Reporter Copyright (C) 2005 Josh Zlatin-Amishav Modified 2017-03-30T00:00:00
Description
The remote web server contains a web application framework written in
PHP.
Description :
This script detects whether the remote host is running Xaraya and
extracts the version number and location if found.
Xaraya is an extensible, open-source web application framework written
in PHP.
# OpenVAS Vulnerability Test
# $Id: xaraya_detection.nasl 5783 2017-03-30 09:03:43Z cfi $
# Description: Detects Xaraya version
#
# Authors:
# Josh Zlatin-Amishav
#
# Copyright:
# Copyright (C) 2005 Josh Zlatin-Amishav
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
tag_summary = "The remote web server contains a web application framework written in
PHP.
Description :
This script detects whether the remote host is running Xaraya and
extracts the version number and location if found.
Xaraya is an extensible, open-source web application framework written
in PHP.";
if(description)
{
script_id(19426);
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:N");
script_version("$Revision: 5783 $");
script_tag(name:"last_modification", value:"$Date: 2017-03-30 11:03:43 +0200 (Thu, 30 Mar 2017) $");
script_tag(name:"creation_date", value:"2006-03-26 17:55:15 +0200 (Sun, 26 Mar 2006)");
script_tag(name:"cvss_base", value:"0.0");
script_name("Detects Xaraya version");
script_category(ACT_GATHER_INFO);
script_tag(name:"qod_type", value:"remote_banner");
script_copyright("Copyright (C) 2005 Josh Zlatin-Amishav");
script_family("Web application abuses");
script_dependencies("find_service.nasl", "http_version.nasl");
script_require_ports("Services/www", 80);
script_exclude_keys("Settings/disable_cgi_scanning");
script_xref(name : "URL" , value : "http://www.xaraya.com/");
script_tag(name : "summary" , value : tag_summary);
exit(0);
}
include("http_func.inc");
include("http_keepalive.inc");
port = get_http_port(default:80);
if(!can_host_php(port:port)) exit(0);
foreach dir( make_list_unique( "/xaraya", cgi_dirs( port:port ) ) ) {
if (dir == "") dir = "/";
res = http_get_cache(item:string(dir, "/index.php"), port:port);
if (res == NULL) continue;
if (
# Cookie from Xaraya
"^Set-Cookie: XARAYASID=" >< res ||
# Meta tag from Xaraya
"^X-Meta-Generator: Xaraya ::" >< res ||
# Xaraya look-and-feel
egrep(string:res, pattern:'div class="xar-(alt|block-.+|menu-.+|norm)"')
) {
# Look for the version number in a meta tag.
pat = 'meta name="Generator" content="Xaraya :: ([^"]+)';
matches = egrep(pattern:pat, string:res);
if (matches) {
foreach match (split(matches))
{
ver = eregmatch(pattern:pat, string:match);
if (!isnull(ver))
{
ver = ver[1];
info = string("Xaraya version ", ver, " is installed on the remote host\nunder the path ", dir, ".");
break;
}
}
}
if (isnull(ver))
{
ver = "unknown";
info = string("An unknown version of Xaraya is installed on the remote host\nunder the path ", dir, ".");
}
set_kb_item(
name:string("www/", port, "/xaraya"),
value:string(ver, " under ", dir)
);
report = '\n\nPlugin output :\n\n' + info;
log_message(port:port, data:report);
exit(0);
}
}
{"href": "http://plugins.openvas.org/nasl.php?oid=19426", "history": [], "naslFamily": "Web application abuses", "id": "OPENVAS:19426", "reporter": "Copyright (C) 2005 Josh Zlatin-Amishav", "published": "2006-03-26T00:00:00", "description": "The remote web server contains a web application framework written in\nPHP. \n\nDescription :\n\nThis script detects whether the remote host is running Xaraya and\nextracts the version number and location if found. \n\nXaraya is an extensible, open-source web application framework written\nin PHP.", "title": "Detects Xaraya version", "bulletinFamily": "scanner", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: xaraya_detection.nasl 5783 2017-03-30 09:03:43Z cfi $\n# Description: Detects Xaraya version\n#\n# Authors:\n# Josh Zlatin-Amishav\n#\n# Copyright:\n# Copyright (C) 2005 Josh Zlatin-Amishav\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ntag_summary = \"The remote web server contains a web application framework written in\nPHP. \n\nDescription :\n\nThis script detects whether the remote host is running Xaraya and\nextracts the version number and location if found. \n\nXaraya is an extensible, open-source web application framework written\nin PHP.\";\n\nif(description)\n{\n script_id(19426);\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:N\");\n script_version(\"$Revision: 5783 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-03-30 11:03:43 +0200 (Thu, 30 Mar 2017) $\");\n script_tag(name:\"creation_date\", value:\"2006-03-26 17:55:15 +0200 (Sun, 26 Mar 2006)\");\n script_tag(name:\"cvss_base\", value:\"0.0\");\n script_name(\"Detects Xaraya version\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_copyright(\"Copyright (C) 2005 Josh Zlatin-Amishav\");\n script_family(\"Web application abuses\");\n script_dependencies(\"find_service.nasl\", \"http_version.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_xref(name : \"URL\" , value : \"http://www.xaraya.com/\");\n script_tag(name : \"summary\" , value : tag_summary);\n exit(0);\n}\n\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\n\nport = get_http_port(default:80);\nif(!can_host_php(port:port)) exit(0);\n\nforeach dir( make_list_unique( \"/xaraya\", cgi_dirs( port:port ) ) ) {\n\n if (dir == \"\") dir = \"/\";\n res = http_get_cache(item:string(dir, \"/index.php\"), port:port);\n if (res == NULL) continue;\n\n if (\n # Cookie from Xaraya\n \"^Set-Cookie: XARAYASID=\" >< res ||\n # Meta tag from Xaraya\n \"^X-Meta-Generator: Xaraya ::\" >< res ||\n # Xaraya look-and-feel\n egrep(string:res, pattern:'div class=\"xar-(alt|block-.+|menu-.+|norm)\"')\n ) {\n\n # Look for the version number in a meta tag.\n pat = 'meta name=\"Generator\" content=\"Xaraya :: ([^\"]+)';\n matches = egrep(pattern:pat, string:res);\n if (matches) {\n foreach match (split(matches))\n {\n ver = eregmatch(pattern:pat, string:match);\n if (!isnull(ver))\n {\n ver = ver[1];\n info = string(\"Xaraya version \", ver, \" is installed on the remote host\\nunder the path \", dir, \".\");\n break;\n }\n }\n }\n\n if (isnull(ver))\n {\n ver = \"unknown\";\n info = string(\"An unknown version of Xaraya is installed on the remote host\\nunder the path \", dir, \".\");\n }\n\n set_kb_item(\n name:string(\"www/\", port, \"/xaraya\"),\n value:string(ver, \" under \", dir)\n );\n\n report = '\\n\\nPlugin output :\\n\\n' + info;\n log_message(port:port, data:report);\n\n exit(0);\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}, "pluginID": "19426", "hash": "4e388feeed4b5ead09745f6426ec0a3f31c12ccbff66ab36aeeda9e901e1454c", "references": ["http://www.xaraya.com/"], "edition": 1, "cvelist": [], "lastseen": "2017-07-02T21:10:05", "viewCount": 4, "enchantments": {"score": {"value": 0.1, "vector": "NONE", "modified": "2017-07-02T21:10:05"}, "dependencies": {"references": [], "modified": "2017-07-02T21:10:05"}, "vulnersScore": 0.1}, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "8cd4821cb504d25572038ed182587d85"}, {"key": "description", "hash": "0dbd547328969bc6551723cc4901f6af"}, {"key": "href", "hash": "1cba46adc8f4d9655794d113173339c0"}, {"key": "modified", "hash": "bb6b0fc7b64d17d15f06a6745e0fb713"}, {"key": "naslFamily", "hash": "55199d25018fbdb9b50e6b64d444c3a4"}, {"key": "pluginID", "hash": "b86a77a42bb68c81946ec50cfc95e89d"}, {"key": "published", "hash": "5c6f6b860288479b6860ef9772f7ffd1"}, {"key": "references", "hash": "e74864d3f18f6e55e26d457cf53278ba"}, {"key": "reporter", "hash": "51b9403e156a93e0e56933b6611f200d"}, {"key": "sourceData", "hash": "b43f32425ccf957181c74d84ee94b6e2"}, {"key": "title", "hash": "b2f0f86a3f16704b4395dba326aec58d"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}], "objectVersion": "1.3", "modified": "2017-03-30T00:00:00"}
