1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
|
##
# This file is part of WhatWeb and may be subject to
# redistribution and commercial restrictions. Please see the WhatWeb
# web site for more information on licensing and terms of use.
# http://www.morningstarsecurity.com/research/whatweb
##
Plugin.define "CalendarScript" do
author "Brendan Coles <bcoles@gmail.com>" # 2011-03-19
version "0.1"
description "CalendarScript is a fully customizable event-publishing solution. It gives you everything you'll need to begin, then gives you the power to redefine it to fit your specific needs."
website "http://www.calendarscript.com/"
# Google results as at 2011-03-19 #
# 401 for "Powered by CalendarScript"
# 32 for inurl:calendar_admin.pl intitle:"Calendar Administration : Login"
# 10 for "Powered by CalendarScript" inurl:calendar_admin.pl intitle:"Calendar Administration : Login"
# 9 for "CGISession: Session file" "could not be opened for writing!"
# Dorks #
dorks [
'"Powered by CalendarScript"',
'inurl:calendar_admin.pl intitle:"Calendar Administration : Login"',
'"Powered by CalendarScript" inurl:calendar_admin.pl intitle:"Calendar Administration : Login"',
'"CGISession: Session file" "could not be opened for writing!"'
]
# Matches #
matches [
# GHDB # Admin Page # filename and title
{ :certainty=>75, :ghdb=>'inurl:calendar_admin.pl intitle:Calendar Administration : Login' },
# GHDB # filename and powered by
{ :certainty=>75, :ghdb=>'powered by CalendarScript inurl:calendar.pl filetype:pl' },
# Admin Page # Title
{ :text=>'<HEAD><TITLE>Calendar Administration : Login</TITLE>' },
# Admin Page # Local File Path Detection # Error String
{ :filepath=>/<FONT COLOR="red">CGISession: Session file \[([^\]]+)\] could not be opened for writing!<BR><\/FONT>/ },
# Admin Page # Powered by link
{ :text=>'<FONT color="#FFFFFF" SIZE="-1">Powered by <A HREF="http://www.CalendarScript.com/" STYLE="color:#FFFFFF;">CalendarScript</A></FONT>' },
# Powered by link
{ :text=>'Powered by <A HREF="http://www.CalendarScript.com/" CLASS="footertext" STYLE="text-decoration:underline;">CalendarScript</A>' },
]
# Aggressive #
def aggressive
m=[]
# Local File Path Detection # Find application base path
if @base_uri.path =~ /^[^\n]*\/(calendar_admin\.pl|calendar\.pl)/i
# Generate Random String
random_string=rand(36**6).to_s(36)
# Detect /calendar.pl or /calendar_admin.pl
target_url = @base_uri.path.scan(/^([^\n]*\/)(calendar_admin\.pl|calendar\.pl)/i)[0][0].to_s+"calendar.pl?year="+random_string
# Open application base url + "?year=" + random string
unless target_url.nil?
target = URI.join(@base_uri.to_s,target_url).to_s
status,url,ip,body,headers=open_target(target)
# Extract local file path
m << { :filepath=>body.scan(/^Month '-1' out of range 0\.\.11 at ([^\n^<]+) <a href="#error">line [\d]+<\/a>\.$/).flatten } if body =~ /^Month '-1' out of range 0\.\.11 at ([^\n^<]+) <a href="#error">line [\d]+<\/a>\.$/
end
end
# Return aggressive matches
m
end
end
|
