lib/scanner/plugins/servers/apache.rb in yawast-0.6.0.beta4 vs lib/scanner/plugins/servers/apache.rb in yawast-0.6.0.beta5
- old
+ new
@@ -45,10 +45,11 @@
check_server_status(uri.copy)
check_server_info(uri.copy)
check_tomcat_manager(uri.copy)
check_tomcat_version(uri.copy)
check_tomcat_put_rce(uri.copy)
+ check_struts2_samples(uri.copy)
end
def self.check_server_status(uri)
check_page_for_string uri, '/server-status', 'Apache Server Status'
end
@@ -138,12 +139,33 @@
# upload the JSP file
req_data = "<% out.println(\"#{check_value}\");%>"
Yawast::Shared::Http.put(uri, req_data)
# check to see of we get check_value back
+ uri.path = uri.path.chomp('/')
res = Yawast::Shared::Http.get(uri)
if res.include? check_value
Yawast::Utilities.puts_vuln "Apache Tomcat PUT RCE (CVE-2017-12615): #{uri}"
+ end
+ end
+
+ def self.check_struts2_samples(uri)
+ search = Array.new
+ search.push '/Struts2XMLHelloWorld/User/home.action'
+ search.push '/struts2-showcase/showcase.action'
+ search.push '/struts2-showcase/titles/index.action'
+ search.push '/struts2-bootstrap-showcase/'
+ search.push '/struts2-showcase/index.action'
+ search.push '/struts2-bootstrap-showcase/index.action'
+ search.push '/struts2-rest-showcase/'
+
+ search.each do |path|
+ uri.path = path
+
+ ret = Yawast::Shared::Http.get_status_code uri
+ if ret == 200
+ Yawast::Utilities.puts_warn "Apache Struts2 Sample Files: #{uri}"
+ end
end
end
def self.check_page_for_string(uri, path, search)
uri.path = path