403Webshell
Server IP : 80.87.202.40  /  Your IP : 216.73.216.169
Web Server : Apache
System : Linux rospirotorg.ru 5.14.0-539.el9.x86_64 #1 SMP PREEMPT_DYNAMIC Thu Dec 5 22:26:13 UTC 2024 x86_64
User : bitrix ( 600)
PHP Version : 8.2.27
Disable Function : NONE
MySQL : OFF |  cURL : ON |  WGET : ON |  Perl : ON |  Python : OFF |  Sudo : ON |  Pkexec : ON
Directory :  /usr/share/nmap/scripts/

Upload File :
current_dir [ Writeable] document_root [ Writeable]

 

Command :

[ Back ]     

Current File : /usr/share/nmap/scripts/http-vuln-misfortune-cookie.nse
description = [[Detects the RomPager 4.07 Misfortune Cookie vulnerability by safely exploiting it.]]

author = "Andrew Orr"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"vuln", "intrusive"}

---
-- @see http-vuln-cve2013-6786.nse
--
-- @usage
-- nmap <target> -p 7547 --script=http-vuln-misfortune-cookie
--
-- @output
-- PORT   STATE SERVICE REASON
-- 7547/tcp open  unknown syn-ack
-- | http-vuln-misfortune-cookie:
-- |   VULNERABLE:
-- |   RomPager 4.07 Misfortune Cookie
-- |     State: VULNERABLE
-- |     IDs:  BID:71744  CVE:CVE-2014-9222
-- |     Description:
-- | The cookie handling routines in RomPager 4.07 are vulnerable to remote code
-- | execution. This script has verified the vulnerability by exploiting the web
-- | server in a safe manner.
-- |     References:
-- |       http://www.kb.cert.org/vuls/id/561444
-- |       http://mis.fortunecook.ie/too-many-cooks-exploiting-tr069_tal-oppenheim_31c3.pdf
-- |       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9222
-- |       http://www.checkpoint.com/blog/fortune-cookie-hole-internet-gateway/index.html
-- |_      http://www.securityfocus.com/bid/71744

local http = require "http"
local shortport = require "shortport"
local vulns = require "vulns"

portrule = shortport.port_or_service(7547, "http")

-- This memory address overwrites the request URI.
-- Other addresses may have other effects, some harmful.
local MAGIC_COOKIE = "C107373883"

local function vuln_to_misfortune_cookie(host, port)
  local request_path = "/nmap_test"
  local options = { cookies = MAGIC_COOKIE .. "=" .. request_path }
  local flag = request_path .. "' was not found on the RomPager server."
  local req = http.get(host, port, "/", options)
  if not(http.response_contains(req, flag)) then
    return false
  end
  return true
end

action = function(host, port)
  local vuln = {
    title = "RomPager 4.07 Misfortune Cookie",
    state = vulns.STATE.NOT_VULN,
    IDS = { CVE = 'CVE-2014-9222', BID = '71744' },
    description = [[
The cookie handling routines in RomPager 4.07 are vulnerable to remote code
execution. This script has verified the vulnerability by exploiting the web
server in a safe manner.]],
    references = {
      "http://www.checkpoint.com/blog/fortune-cookie-hole-internet-gateway/index.html",
      "http://mis.fortunecook.ie/too-many-cooks-exploiting-tr069_tal-oppenheim_31c3.pdf",
      "http://www.kb.cert.org/vuls/id/561444"
    }
  }
  local report = vulns.Report:new(SCRIPT_NAME, host, port)

  if vuln_to_misfortune_cookie(host, port) then
    vuln.state = vulns.STATE.VULN
  else
    vuln.state = vulns.STATE.NOT_VULN
  end

  return report:make_output(vuln)
end

Youez - 2016 - github.com/yon3zu
LinuXploit