So, I've set up a PHP OTP client to send the following preferences to the server:

CLIENT <|> PREFERENCES <|>
ntp_opt_show_end <|> yes
Nmap[radio]:Port range <|> 22-22
Ping the remote host[checkbox]:Do a TCP ping <|> no
Ping the remote host[checkbox]:Log live hosts in the report <|> yes
port_range <|> 1-1024
plugin_set <|> 1.3.6.1.4.1.25623.1.0.14259;1.3.6.1.4.1.25623.1.0.10335;
auto_enable_dependencies <|> no
silent_dependencies <|> no
<|> CLIENT

So, I would think that this means that only two plugins would be enabled (scanner plugins) and that the port range would be limited to 1-1024. As I watch the status messages scroll by it looks like the portscan is limited to 1-1024 but after that it starts running other plugins. I'm seeing it trying to run smb checks, slad checks and other status messages indicating that it is cycling through all available plugins:

SERVER <|> STATUS <|> XXX.XXXXXXXXX.XXXXXX <|> attack <|> 6464/8977 <|> SERVER
SERVER <|> STATUS <|> XXX.XXXXXXXXX.XXXXXX <|> attack <|> 6823/8977 <|> SERVER
SERVER <|> STATUS <|> XXX.XXXXXXXXX.XXXXXX <|> attack <|> 7182/8977 <|> SERVER
SERVER <|> STATUS <|> XXX.XXXXXXXXX.XXXXXX <|> attack <|> 7541/8977 <|> SERVER
SERVER <|> INFO <|> XXX.XXXXXXXXX.XXXXXX <|> ndl-aas (3128/tcp) <|> \r\n\r\n Overview:\r\n Qwerty CMS is prone to an SQL-injection vulnerability because it fails to\r\n sufficiently sanitize user-supplied data before using it in an SQL query.\r\n\r\n Exploiting this issue could allow an attacker to compromise the application,\r\n access or modify data, or exploit latent vulnerabilities in the underlying\r\n database. \r\n\r\n Risk factor : Medium\nBID : 33885\n <|> 1.3.6.1.4.1.25623.1.0.100013 <|> SERVER

Is there something that I am doing incorrectly in the protocol and client preferences?

Thanks!

Shawn

Felix Wolfsteller wrote:
> On Monday 16 March 2009 17:01:03 Thomas Reinke wrote:
>> Shawn Duffy wrote:
>>> What is the syntax for the plugin_set pref? Is it a comma-delimited
>>> list of OIDs? Or do I send a separate plugin_set pref for every plugin
>>> such as:
>>>
>>> plugin_set <|> 12345
>>> plugin_set <|> 12346
>> The answer you're looking for is (I believe) a semi-colon delimited
>> list of plugin IDs (not OIDs). See below.
>> plugin_set <|> 14273;10180;10335;10330;50282
>
> At least the recent client _does send OIDs_, like
>
> plugin_set <|> 1.3.6.1.4.1.25623.1.0.50282;1.3.6.1.4.1.25623.1.0.900070;
>
> Shawn, if you find inconsistencies in the compendium or find that it could be
> improved, please inform us.
> Or (and better), if you have the ten minutes for doing it, just modify
> the .tex files of the compendium and send a patch to the mailing-list (if you
> do not have svn-commit-access yet).
>
> On the other hand, keep in mind that the new OMP
> (http://openvas.org/openvas-cr-28.html and various mailing-list threads) is
> visible at the horizon.
>
> -- felix
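
One way to confirm from the client side whether results are arriving from plugins outside the requested plugin_set, as an added example that is not part of the original thread or of OpenVAS. It assumes only the message layout visible in the post (fields separated by <|>, the OID as the last INFO field, the STATUS attack counter read as done/scheduled the way the post reads it); the function names, host name and description text are made up.

```python
SEP = "<|>"

# Constructed sample data in the layout shown in the post (host name is made up).
SAMPLE_PREFS = """CLIENT <|> PREFERENCES <|>
port_range <|> 1-1024
plugin_set <|> 1.3.6.1.4.1.25623.1.0.14259;1.3.6.1.4.1.25623.1.0.10335;
auto_enable_dependencies <|> no
<|> CLIENT"""
SAMPLE_SERVER = [
    "SERVER <|> STATUS <|> host.example <|> attack <|> 6464/8977 <|> SERVER",
    "SERVER <|> INFO <|> host.example <|> general/tcp <|> constructed text <|> 1.3.6.1.4.1.25623.1.0.10335 <|> SERVER",
    "SERVER <|> INFO <|> host.example <|> ndl-aas (3128/tcp) <|> constructed text <|> 1.3.6.1.4.1.25623.1.0.100013 <|> SERVER",
]

def parse_plugin_set(prefs_text):
    """Return the OIDs listed in the semicolon-delimited plugin_set preference."""
    for line in prefs_text.splitlines():
        name, sep, value = line.partition(SEP)
        if sep and name.strip() == "plugin_set":
            return {oid for oid in value.strip().split(";") if oid}
    return set()

def parse_server_message(line):
    """Split 'SERVER <|> ... <|> SERVER' into its inner fields, or None if malformed."""
    fields = [f.strip() for f in line.strip().split(SEP)]
    if len(fields) < 3 or fields[0] != "SERVER" or fields[-1] != "SERVER":
        return None
    return fields[1:-1]

def unexpected_results(prefs_text, server_lines):
    """List (host, port, oid) for INFO results whose OID was not requested."""
    allowed = parse_plugin_set(prefs_text)
    hits = []
    for msg in filter(None, map(parse_server_message, server_lines)):
        # Assumed INFO layout, as seen in the post: host, port, description, OID.
        if msg[0] == "INFO" and len(msg) >= 5 and msg[-1] not in allowed:
            hits.append((msg[1], msg[2], msg[-1]))
    return hits

def scheduled_plugins(server_lines):
    """Largest total from 'attack <|> done/total' STATUS counters (0 if none)."""
    totals = [0]
    for msg in filter(None, map(parse_server_message, server_lines)):
        if msg[0] == "STATUS" and len(msg) == 4 and msg[2] == "attack":
            total = msg[3].partition("/")[2]
            totals.append(int(total) if total.isdigit() else 0)
    return max(totals)

if __name__ == "__main__":
    print("requested:", len(parse_plugin_set(SAMPLE_PREFS)), "scheduled:", scheduled_plugins(SAMPLE_SERVER))
    print("outside plugin_set:", unexpected_results(SAMPLE_PREFS, SAMPLE_SERVER))
```

A scheduled count far above the number of requested OIDs, or any entry in the second list, shows the server did not restrict the scan to the plugin_set it was sent.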
