alpine/aports commit 8f9f880e, authored 3 years ago by Ariadne Conill
main/nikto: add mitigation for CVE-2018-11652
parent abc89b9f
Showing 2 changed files with 113 additions and 4 deletions:
main/nikto/APKBUILD (+12, -4)
main/nikto/CVE-2018-11652.patch (+101, -0)
main/nikto/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: Fabio Aires <fabioaires.web@gmail.com>
pkgname
=
nikto
pkgver
=
2.1.6
pkgrel
=
1
pkgrel
=
2
pkgdesc
=
"A web application security scanner"
url
=
"https://www.cirt.net/Nikto2"
arch
=
"noarch"
...
...
@@ -10,9 +10,14 @@ license="GPL-2.0"
options
=
"!check"
# No test suite
depends
=
"perl nmap openssl"
source
=
"
$pkgname
-
$pkgver
.tar.gz::https://github.com/sullo/nikto/archive/
$pkgver
.tar.gz
nikto.conf.base"
nikto.conf.base
CVE-2018-11652.patch"
builddir
=
"
$srcdir
/
$pkgname
-
$pkgver
/program"
# secfixes:
# 2.1.6-r2:
# - CVE-2018-11652
build
()
{
cd
"
$builddir
"
return
0
...
...
@@ -29,5 +34,8 @@ package() {
install
-m
755 nikto.pl
"
$pkgdir
"
/usr/bin
}
sha512sums
=
"13632018ef6862de7dc53c674d7266fcfb7e164bcf3070327c103cbf8737720ffb710ccc8949acc920a6e0a85da1bb7575d073ee245bc2ba3a8a292ad1695e69 nikto-2.1.6.tar.gz
d6e349bd20428e45d6ef49db91630e1c6d65d4cf2107a1f4c58e697d8fceeb428fb90c247fbbf8a8ad6f9d27672790d07040079b94c2480dd77dc445fccd6f69 nikto.conf.base"
sha512sums
=
"
13632018ef6862de7dc53c674d7266fcfb7e164bcf3070327c103cbf8737720ffb710ccc8949acc920a6e0a85da1bb7575d073ee245bc2ba3a8a292ad1695e69 nikto-2.1.6.tar.gz
d6e349bd20428e45d6ef49db91630e1c6d65d4cf2107a1f4c58e697d8fceeb428fb90c247fbbf8a8ad6f9d27672790d07040079b94c2480dd77dc445fccd6f69 nikto.conf.base
c8be4198d6112f7cdcf21ca9a11baff39c0e7f6f63ff364b6bece8362beb4d1393ba0ed1f88ed9273fcf6bad7f8c81e46d73566cb56f0ee017898ddef799cae0 CVE-2018-11652.patch
"
main/nikto/CVE-2018-11652.patch
0 → 100644
From e759b3300aace5314fe3d30800c8bd83c81c29f7 Mon Sep 17 00:00:00 2001
From: sullo <sullo@cirt.net>
Date: Thu, 31 May 2018 23:30:03 -0400
Subject: [PATCH] Fix CSV injection issue if server responds with a malicious
Server string & CSV output is opened in Excel or other spreadsheet app.
Potentially malicious cell start characters are now prefaced with a ' mark.
Thanks to Adam (@bytesoverbombs) for letting me know!
Also fixed a crash in the outdated plugin if the $sepr field ends up being something that triggers a panic in split().
---
program/plugins/nikto_outdated.plugin | 2 +-
program/plugins/nikto_report_csv.plugin | 41 +++++++++++++++----------
2 files changed, 26 insertions(+), 17 deletions(-)
diff --git a/program/plugins/nikto_outdated.plugin b/program/plugins/nikto_outdated.plugin
index 219505ce..08562c5d 100644
--- program/plugins/nikto_outdated.plugin
+++ program/plugins/nikto_outdated.plugin
@@ -88,7 +88,7 @@
sub nikto_outdated {
$sepr = substr($sepr, (length($sepr) - 1), 1);
# break up ID string on $sepr
- my @T = split(/$sepr/, $mark->{'banner'});
+ my @T = split(/\\$sepr/, $mark->{'banner'});
# assume last is version...
for ($i = 0 ; $i < $#T ; $i++) { $MATCHSTRING .= "$T[$i] "; }
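Review bot: In the added split() line, Perl reads `\\` inside a pattern as one escaped backslash, so `/\\$sepr/` matches a literal backslash followed by the separator character rather than the separator itself, and a separator that is a regex metacharacter is still interpolated unescaped. If the intent is to split on $sepr as a literal, `split(/\Q$sepr\E/, $mark->{'banner'})` (or quotemeta($sepr), as the CSV plugin already does for $uri) expresses that directly and removes the split() panic the commit message mentions.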
diff --git a/program/plugins/nikto_report_csv.plugin b/program/plugins/nikto_report_csv.plugin
index ce65cfef..76bdb3fd 100644
--- program/plugins/nikto_report_csv.plugin
+++ program/plugins/nikto_report_csv.plugin
@@ -53,10 +53,11 @@
sub csv_host_start {
my ($handle, $mark) = @_;
$mark->{'banner'} =~ s/"/\\"/g;
my $hostname = $mark->{'vhost'} ? $mark->{'vhost'} : $mark->{'hostname'};
- print $handle "\"$hostname\","
- . "\"$mark->{'ip'}\","
- . "\"$mark->{'port'}\"," . "\"\"," . "\"\"," . "\"\","
- . "\"$mark->{'banner'}\"\n";
+ print $handle "\"" . csv_safecell($hostname) . "\","
+ . "\"" . csv_safecell($mark->{'ip'}) . "\","
+ . "\"" . csv_safecell($mark->{'port'}) . "\"," . "\"\"," . "\"\"," . "\"\","
+ #. "\"" . $mark->{'banner'} . "\"\n";
+ . "\"" . csv_safecell($mark->{'banner'}) . "\"\n";
return;
}
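Review bot: The context line `$mark->{'banner'} =~ s/"/\\"/g;` at the top of csv_host_start escapes embedded double quotes with a backslash, which spreadsheet applications do not treat as an escape inside a quoted CSV field (they expect the quote to be doubled), so csv_safecell() checking only the first character of the banner does not guarantee where the cell actually starts and ends. Suggest doubling the quote (`s/"/""/g`) inside csv_safecell() so every field gets the same treatment. The commented-out `#. "\"" . $mark->{'banner'} . "\"\n";` line in the middle of the print expression should be dropped rather than shipped.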
@@ -67,33 +68,41 @@
sub csv_item {
foreach my $uri (split(' ', $item->{'uri'})) {
my $line = '';
my $hostname = $item->{'mark'}->{'vhost'} ? $item->{'mark'}->{'vhost'} : $item->{'mark'}->{'hostname'};
- $line .= "\"$hostname\",";
- $line .= "\"$item->{'mark'}->{'ip'}\",";
- $line .= "\"$item->{'mark'}->{'port'}\",";
+ $line .= "\"" . csv_safecell($hostname) . "\",";
+ $line .= "\"" . csv_safecell($item->{'mark'}->{'ip'}) . \",";
+ $line .= "\"" . csv_safecell($item->{'mark'}->{'port'}) . "\",";
$line .= "\"";
if ($item->{'osvdb'} ne '') { $line .= "OSVDB-" . $item->{'osvdb'}; }
$line .= "\",";
$line .= "\"";
- if ($item->{'method'} ne '') { $line .= $item->{'method'}; }
+ if ($item->{'method'} ne '') { $line .= csv_safecell($item->{'method'}); }
$line .= "\",";
$line .= "\"";
if (($uri ne '') && ($mark->{'root'} ne '') && ($uri !~ /^$mark->{'root'}/))
- { $line .= $mark->{'root'} . $uri; }
- else { $line .= $uri; }
+ { $line .= csv_safecell($mark->{'root'}) . $uri; }
+ else { $line .= csv_safecell($uri); }
$line .= "\",";
- my $msg = $item->{'message'};
- $uri=quotemeta($uri);
- my $root = quotemeta($mark->{'root'});
- $msg =~ s/^$uri:\s//;
- $msg =~ s/^$root$uri:\s//;
+ my $msg = $item->{'message'};
+ $uri=quotemeta($uri);
+ my $root = quotemeta($mark->{'root'});
+ $msg =~ s/^$uri:\s//;
+ $msg =~ s/^$root$uri:\s//;
$msg =~ s/"/\\"/g;
- $line .= "\"$msg\"";
+ $line .= "\"" . csv_safecell($msg) ."\"";
print $handle "$line\n";
}
}
+###############################################################################
+# prevent CSV injection attacks
+sub csv_safecell {
+ my $celldata = $_[0] || return;
+ if ($celldata =~ /^[=+@-]/) { $celldata = "'" . $celldata; }
+ return $celldata;
+}
+
1;
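Review bot: The added ip line in csv_item ends with `. \",";` and is missing the opening double quote before `\",`, unlike the hostname and port lines beside it, so the plugin will not parse as written; it should read `. "\",";`. In csv_safecell(), `my $celldata = $_[0] || return;` returns nothing for any false value, so a cell whose content is `0` comes back empty; testing defined-ness and length instead keeps such values. The `^[=+@-]` check also looks only at the first character, so a value with leading whitespace, a tab or a carriage return ahead of the formula character is not prefixed.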