<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:x="urn:schemas-microsoft-com:office:excel" xmlns:p="urn:schemas-microsoft-com:office:powerpoint" xmlns:a="urn:schemas-microsoft-com:office:access" xmlns:dt="uuid:C2F41010-65B3-11d1-A29F-00AA00C14882" xmlns:s="uuid:BDC6E3F0-6DA3-11d1-A2A3-00AA00C14882" xmlns:rs="urn:schemas-microsoft-com:rowset" xmlns:z="#RowsetSchema" xmlns:b="urn:schemas-microsoft-com:office:publisher" xmlns:ss="urn:schemas-microsoft-com:office:spreadsheet" xmlns:c="urn:schemas-microsoft-com:office:component:spreadsheet" xmlns:odc="urn:schemas-microsoft-com:office:odc" xmlns:oa="urn:schemas-microsoft-com:office:activation" xmlns:html="http://www.w3.org/TR/REC-html40" xmlns:q="http://schemas.xmlsoap.org/soap/envelope/" xmlns:rtc="http://microsoft.com/officenet/conferencing" xmlns:D="DAV:" xmlns:Repl="http://schemas.microsoft.com/repl/" xmlns:mt="http://schemas.microsoft.com/sharepoint/soap/meetings/" xmlns:x2="http://schemas.microsoft.com/office/excel/2003/xml" xmlns:ppda="http://www.passport.com/NameSpace.xsd" xmlns:ois="http://schemas.microsoft.com/sharepoint/soap/ois/" xmlns:dir="http://schemas.microsoft.com/sharepoint/soap/directory/" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:dsp="http://schemas.microsoft.com/sharepoint/dsp" xmlns:udc="http://schemas.microsoft.com/data/udc" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:sub="http://schemas.microsoft.com/sharepoint/soap/2002/1/alerts/" xmlns:ec="http://www.w3.org/2001/04/xmlenc#" xmlns:sp="http://schemas.microsoft.com/sharepoint/" xmlns:sps="http://schemas.microsoft.com/sharepoint/soap/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:udcs="http://schemas.microsoft.com/data/udc/soap" xmlns:udcxf="http://schemas.microsoft.com/data/udc/xmlfile" xmlns:udcp2p="http://schemas.microsoft.com/data/udc/parttopart" xmlns:st="" xmlns:st1="urn:schemas-microsoft-com:office:smarttags" 
xmlns="http://www.w3.org/TR/REC-html40"
xmlns:ns0="http://schemas.microsoft.com/sharepoint/soap/workflow/"
xmlns:ns1="http://schemas.microsoft.com/office/2006/digsig-setup"
xmlns:ns2="http://schemas.microsoft.com/office/2006/digsig"
xmlns:ns3="http://schemas.openxmlformats.org/package/2006/digital-signature"
xmlns:ns4="http://schemas.openxmlformats.org/markup-compatibility/2006"
xmlns:ns5="http://schemas.microsoft.com/office/2004/12/omml"
xmlns:ns6="http://schemas.openxmlformats.org/package/2006/relationships"
xmlns:ns7="http://microsoft.com/sharepoint/webpartpages"
xmlns:ns8="http://schemas.microsoft.com/exchange/services/2006/types"
xmlns:ns9="http://schemas.microsoft.com/exchange/services/2006/messages"
xmlns:ns10="http://schemas.microsoft.com/sharepoint/soap/SlideLibrary/"
xmlns:ns11="http://microsoft.com/webservices/SharePointPortalServer/PublishedLinksService"
xmlns:ns12="urn:schemas-microsoft-com:">
<head>
<meta http-equiv=Content-Type content="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 11 (filtered medium)">
<!--[if !mso]>
<style>
v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style>
<![endif]--><o:SmartTagType
namespaceuri="urn:schemas-microsoft-com:office:smarttags" name="PersonName"/>
<!--[if !mso]>
<style>
st1\:*{behavior:url(#default#ieooui) }
</style>
<![endif]-->
<style>
<!--a:link
        {mso-style-priority:99;}
span.MSOHYPERLINK
        {mso-style-priority:99;}
a:visited
        {mso-style-priority:99;}
span.MSOHYPERLINKFOLLOWED
        {mso-style-priority:99;}
/* Font Definitions */
@font-face
        {font-family:Wingdings;
        panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
        {font-family:Tahoma;
        panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:11.0pt;
        font-family:Calibri;}
a:link, span.MsoHyperlink
        {color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {color:purple;
        text-decoration:underline;}
p
        {mso-margin-top-alt:auto;
        margin-right:0in;
        mso-margin-bottom-alt:auto;
        margin-left:0in;
        font-size:12.0pt;
        font-family:"Times New Roman";}
span.EmailStyle17
        {mso-style-type:personal;
        font-family:Calibri;
        color:windowtext;}
span.EmailStyle19
        {mso-style-type:personal-reply;
        font-family:Arial;
        color:blue;
        font-weight:normal;
        font-style:normal;
        text-decoration:none none;}
@page Section1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.Section1
        {page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=EN-US link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal><font size=1 color=blue face=Arial><span style='font-size:
9.0pt;font-family:Arial;color:blue'>Tony,<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=1 color=blue face=Arial><span style='font-size:
9.0pt;font-family:Arial;color:blue'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=1 color=blue face=Arial><span style='font-size:
9.0pt;font-family:Arial;color:blue'>Thanks for emailing!<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=1 color=blue face=Arial><span style='font-size:
9.0pt;font-family:Arial;color:blue'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=1 color=blue face=Arial><span style='font-size:
9.0pt;font-family:Arial;color:blue'>The first thing I want to draw your
attention to is the OSVDB entries. <o:p></o:p></span></font></p>
<p class=MsoNormal><font size=1 color=blue face=Arial><span style='font-size:
9.0pt;font-family:Arial;color:blue'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=1 color=blue face=Arial><span style='font-size:
9.0pt;font-family:Arial;color:blue'>OSVDB stands for <b><span style='font-weight:
bold'>Open Source Vulnerability Database</span></b>; it offers many lists of
current and past vulns.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=1 color=blue face=Arial><span style='font-size:
9.0pt;font-family:Arial;color:blue'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=1 color=blue face=Arial><span style='font-size:
9.0pt;font-family:Arial;color:blue'>The number that you see in Nikto's
report (2799) is the unique OSVDB vulnerability number. Go to the OSVDB website
<a href="http://osvdb.org/">http://osvdb.org/</a> and type "2799" into the
OSVDB ID Lookup box on the left-hand side.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=1 color=blue face=Arial><span style='font-size:
9.0pt;font-family:Arial;color:blue'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=1 color=blue face=Arial><span style='font-size:
9.0pt;font-family:Arial;color:blue'>You will then arrive at the page <a
href="http://osvdb.org/show/osvdb/2799">http://osvdb.org/show/osvdb/2799</a>. I also
recommend clicking the SecurityFocus link within that report, as they often have
PoCs of the vuln. <o:p></o:p></span></font></p>
<div>
<p><font size=1 color=blue face=Arial><span style='font-size:9.0pt;font-family:
Arial;color:blue'>For example <a
href="http://www.securityfocus.com/archive/1/344032">http://www.securityfocus.com/archive/1/344032</a><o:p></o:p></span></font></p>
<p><font size=1 face=Arial><span style='font-size:9.0pt;font-family:Arial'>Bug
is found in this script:<br>
<br>
DailyDose v 1.1 (by www.onlinearts.net)<br>
<br>
The script (dose.pl) does not check the input:<br>
<br>
$data=$ENV{'QUERY_STRING'};<br>
<br>
($command,$list,$temp, $id) = split ("&",$data,4);<br>
<br>
. . .<br>
<br>
local ($template) = "$tempdir/$temp";<br>
<br>
open(TEMPL, "$template") || print "no file found
$template!";<br>
<br>
#open without check var. $temp<br>
<br>
Example (listing):<br>
<br>
<a href="http://www.someserver.com/cgi-bin/dose.pl?daily&somefile.txt&|ls|">http://www.someserver.com/cgi-bin/dose.pl?daily&somefile.txt&|ls|</a><o:p></o:p></span></font></p>
<p><font size=1 face=Arial><span style='font-size:9.0pt;font-family:Arial'>^
webserver ----------------------------^vuln scrpt^req-----^anyfile--------^
unix command 'ls' for list directory.<o:p></o:p></span></font></p>
<p><font size=1 color=blue face=Arial><span style='font-size:9.0pt;font-family:
Arial;color:blue'>If you have any further questions feel free to ask! </span></font><font
size=1 color=blue face=Wingdings><span style='font-size:9.0pt;font-family:Wingdings;
color:blue'>J</span></font><font size=1 color=blue face=Arial><span
style='font-size:9.0pt;font-family:Arial;color:blue'><o:p></o:p></span></font></p>
<p><font size=1 color=blue face=Arial><span style='font-size:9.0pt;font-family:
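Arial;color:blue'>P.S. Yes, you are vulnerable; you should probably change the
Perl script so that it validates (sanitizes) its input. For instance, accept only
known template names in $temp and use the three-argument form of open,
open(TEMPL, '&lt;', $template), which never treats a | in the file name as a pipe. <o:p></o:p></span></font></p>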
<p><font size=1 color=blue face=Arial><span style='font-size:9.0pt;font-family:
Arial;color:blue'>Regards,<br>
<br>
<st1:PersonName w:st="on">David Klein</st1:PersonName><br>
<br>
</span></font><font size=1 face=Arial><span style='font-size:9.0pt;font-family:
Arial'><o:p></o:p></span></font></p>
</div>
<div>
<div class=MsoNormal align=center style='text-align:center'><font size=3
face="Times New Roman"><span style='font-size:12.0pt;font-family:"Times New Roman"'>
<hr size=2 width="100%" align=center tabindex=-1>
</span></font></div>
<p class=MsoNormal><b><font size=2 face=Tahoma><span style='font-size:10.0pt;
font-family:Tahoma;font-weight:bold'>From:</span></font></b><font size=2
face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'>
nikto-discuss-bounces@attrition.org
[mailto:nikto-discuss-bounces@attrition.org] <b><span style='font-weight:bold'>On
Behalf Of </span></b>Tony Wasson<br>
<b><span style='font-weight:bold'>Sent:</span></b> Friday, September 18, 2009
12:47 AM<br>
<b><span style='font-weight:bold'>To:</span></b> nikto-discuss@attrition.org<br>
<b><span style='font-weight:bold'>Subject:</span></b> [Nikto-discuss] Newbie
needs help</span></font><font size=3 face="Times New Roman"><span
style='font-size:12.0pt;font-family:"Times New Roman"'><o:p></o:p></span></font></p>
</div>
<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt'>I'm
a newbie to nikto. I have run several scans, and the output has items like the
ones below:<o:p></o:p></span></font></p>
<table class=MsoNormalTable border=1 cellpadding=0 width="95%" bgcolor="#EEEEEE"
style='width:95.0%;background:#EEEEEE;border:solid black 1.0pt'>
<tr>
<td width=240 valign=top style='width:2.5in;border:none;padding:.75pt .75pt .75pt .75pt'>
<p class=MsoNormal><b><font size=2 color="#000066" face=Tahoma><span
style='font-size:11.0pt;font-family:Tahoma;color:#000066;font-weight:bold'>URI</span></font></b><font
color="#000066" face=Tahoma><span style='font-family:Tahoma;color:#000066'><o:p></o:p></span></font></p>
</td>
<td width=658 style='width:493.75pt;border:none;padding:.75pt .75pt .75pt .75pt'>
<p class=MsoNormal><font size=2 color="#000066" face=Tahoma><span
style='font-size:11.0pt;font-family:Tahoma;color:#000066'>/forum_members.asp?find=%22;}alert('Vulnerable');function%20x(){v%20=%22<o:p></o:p></span></font></p>
</td>
</tr>
<tr>
<td width=240 valign=top style='width:2.5in;border:none;padding:.75pt .75pt .75pt .75pt'>
<p class=MsoNormal><b><font size=2 color="#000066" face=Tahoma><span
style='font-size:11.0pt;font-family:Tahoma;color:#000066;font-weight:bold'>HTTP
Method</span></font></b><font color="#000066" face=Tahoma><span
style='font-family:Tahoma;color:#000066'><o:p></o:p></span></font></p>
</td>
<td width=658 style='width:493.75pt;border:none;padding:.75pt .75pt .75pt .75pt'>
<p class=MsoNormal><font size=2 color="#000066" face=Tahoma><span
style='font-size:11.0pt;font-family:Tahoma;color:#000066'>GET<o:p></o:p></span></font></p>
</td>
</tr>
<tr>
<td width=240 valign=top style='width:2.5in;border:none;padding:.75pt .75pt .75pt .75pt'>
<p class=MsoNormal><b><font size=2 color="#000066" face=Tahoma><span
style='font-size:11.0pt;font-family:Tahoma;color:#000066;font-weight:bold'>Description</span></font></b><font
color="#000066" face=Tahoma><span style='font-family:Tahoma;color:#000066'><o:p></o:p></span></font></p>
</td>
<td width=658 style='width:493.75pt;border:none;padding:.75pt .75pt .75pt .75pt'>
<p class=MsoNormal><font size=2 color="#000066" face=Tahoma><span
style='font-size:11.0pt;font-family:Tahoma;color:#000066'>Web Wiz Forums ver.
7.01 and below is vulnerable to Cross Site Scripting (XSS). CA-2000-02.<o:p></o:p></span></font></p>
</td>
</tr>
<tr>
<td width=240 valign=top style='width:2.5in;border:none;padding:.75pt .75pt .75pt .75pt'>
<p class=MsoNormal><b><font size=2 color="#000066" face=Tahoma><span
style='font-size:11.0pt;font-family:Tahoma;color:#000066;font-weight:bold'>Test
Links</span></font></b><font color="#000066" face=Tahoma><span
style='font-family:Tahoma;color:#000066'><o:p></o:p></span></font></p>
</td>
<td width=658 style='width:493.75pt;border:none;padding:.75pt .75pt .75pt .75pt'>
<p class=MsoNormal><font size=2 color="#000066" face=Tahoma><span
style='font-size:11.0pt;font-family:Tahoma;color:#000066'>http://"mywebsite"/forum_members.asp?find=%22;}alert('Vulnerable');function%20x(){v%20=%22<br>
http://"mywebsiteIP"/forum_members.asp?find=%22;}alert('Vulnerable');function%20x(){v%20=%22
<o:p></o:p></span></font></p>
</td>
</tr>
<tr>
<td width=240 valign=top style='width:2.5in;border:none;padding:.75pt .75pt .75pt .75pt'>
<p class=MsoNormal><b><font size=2 color="#000066" face=Tahoma><span
style='font-size:11.0pt;font-family:Tahoma;color:#000066;font-weight:bold'>OSVDB
Entries</span></font></b><font color="#000066" face=Tahoma><span
style='font-family:Tahoma;color:#000066'><o:p></o:p></span></font></p>
</td>
<td width=658 style='width:493.75pt;border:none;padding:.75pt .75pt .75pt .75pt'>
<p class=MsoNormal><font size=2 color="#000066" face=Tahoma><span
style='font-size:11.0pt;font-family:Tahoma;color:#000066'>OSVDB-0 <o:p></o:p></span></font></p>
</td>
</tr>
<tr>
<td width=240 valign=top style='width:2.5in;border:none;border-left:solid black 1.0pt;
padding:.75pt .75pt .75pt .75pt'>
<p class=MsoNormal><b><font size=2 color="#000066" face=Tahoma><span
style='font-size:11.0pt;font-family:Tahoma;color:#000066;font-weight:bold'>URI<o:p></o:p></span></font></b></p>
</td>
<td width=658 style='width:493.75pt;border:none;border-right:solid black 1.0pt;
padding:.75pt .75pt .75pt .75pt'>
<p class=MsoNormal><font size=2 color="#000066" face=Tahoma><span
style='font-size:11.0pt;font-family:Tahoma;color:#000066'>/scripts/dose.pl?daily&somefile.txt&|ls|<o:p></o:p></span></font></p>
</td>
</tr>
<tr>
<td width=240 valign=top style='width:2.5in;border:none;border-left:solid black 1.0pt;
padding:.75pt .75pt .75pt .75pt'>
<p class=MsoNormal><b><font size=2 color="#000066" face=Tahoma><span
style='font-size:11.0pt;font-family:Tahoma;color:#000066;font-weight:bold'>HTTP
Method<o:p></o:p></span></font></b></p>
</td>
<td width=658 style='width:493.75pt;border:none;border-right:solid black 1.0pt;
padding:.75pt .75pt .75pt .75pt'>
<p class=MsoNormal><font size=2 color="#000066" face=Tahoma><span
style='font-size:11.0pt;font-family:Tahoma;color:#000066'>GET<o:p></o:p></span></font></p>
</td>
</tr>
<tr>
<td width=240 valign=top style='width:2.5in;border:none;border-left:solid black 1.0pt;
padding:.75pt .75pt .75pt .75pt'>
<p class=MsoNormal><b><font size=2 color="#000066" face=Tahoma><span
style='font-size:11.0pt;font-family:Tahoma;color:#000066;font-weight:bold'>Description<o:p></o:p></span></font></b></p>
</td>
<td width=658 style='width:493.75pt;border:none;border-right:solid black 1.0pt;
padding:.75pt .75pt .75pt .75pt'>
<p class=MsoNormal><font size=2 color="#000066" face=Tahoma><span
style='font-size:11.0pt;font-family:Tahoma;color:#000066'>DailyDose 1.1 is
vulnerable to a directory traversal attack in the 'list' parameter.<o:p></o:p></span></font></p>
</td>
</tr>
<tr>
<td width=240 valign=top style='width:2.5in;border:none;border-left:solid black 1.0pt;
padding:.75pt .75pt .75pt .75pt'>
<p class=MsoNormal><b><font size=2 color="#000066" face=Tahoma><span
style='font-size:11.0pt;font-family:Tahoma;color:#000066;font-weight:bold'>Test
Links<o:p></o:p></span></font></b></p>
</td>
<td width=658 style='width:493.75pt;border:none;border-right:solid black 1.0pt;
padding:.75pt .75pt .75pt .75pt'>
<p class=MsoNormal><font size=2 color="#000066" face=Tahoma><span
style='font-size:11.0pt;font-family:Tahoma;color:#000066'>http://"mywebsite"/scripts/dose.pl?daily&somefile.txt&|ls|<br>
http://"mywebsiteIP"/scripts/dose.pl?daily&somefile.txt&|ls|
<o:p></o:p></span></font></p>
</td>
</tr>
<tr>
<td width=240 valign=top style='width:2.5in;border-top:none;border-left:solid black 1.0pt;
border-bottom:solid black 1.0pt;border-right:none;padding:.75pt .75pt .75pt .75pt'>
<p class=MsoNormal><b><font size=2 color="#000066" face=Tahoma><span
style='font-size:11.0pt;font-family:Tahoma;color:#000066;font-weight:bold'>OSVDB
Entries<o:p></o:p></span></font></b></p>
</td>
<td width=658 style='width:493.75pt;border-top:none;border-left:none;
border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:.75pt .75pt .75pt .75pt'>
<p class=MsoNormal><font size=2 color="#000066" face=Tahoma><span
style='font-size:11.0pt;font-family:Tahoma;color:#000066'>OSVDB-2799 <o:p></o:p></span></font></p>
</td>
</tr>
</table>
<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Calibri><span style='font-size:11.0pt'>How
does one interpret this? do I have an actual vulnerability?<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=1 color="#365f91" face=Calibri><span
style='font-size:9.0pt;color:#365F91'><o:p> </o:p></span></font></p>
<p><font size=3 face="Times New Roman"><span style='font-size:12.0pt'>Notice:
This email message, including any attachments, contains information belonging
to Trinity Industries, Inc. and its business units. It has been sent solely for
the use of the intended recipients and may be confidential, proprietary,
copyrighted, and legally privileged. If you are not an intended recipient,
please advise the sender of the error and permanently delete all copies of this
email, including any copies that may reside in your deleted box. The
unauthorized review, use, disclosure, distribution, or copying of this email or
its contents is strictly prohibited.<o:p></o:p></span></font></p>
</div>
</body>
</html>