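#
# This script was written by David Maciejak
# This script is released under the GNU GPL v2
#
# Detection plugin for the Ipswitch WhatsUp Professional authentication
# bypass. It requests /NmConsole/Navigation.asp without sending any
# credentials, using the "User-Agent: Ipswitch/1.0" and
# "User-Application: NmConsole" request headers, and reports the port when
# the console's device-list page is returned.
#

if(description)
{
 # Plugin registration: identifiers, report text, category and dependencies.
 script_id(20000);
 script_version("$Revision: 1.0 $");
 # NOTE(review): no advisory reference is registered here and the CVSS score
 # in the description below is still a placeholder ("?????"). Fill both in
 # once the advisory identifiers are confirmed.
 # script_bugtraq_id();

 name["english"] = "Ipswitch WhatsUp Professional Authentication bypass detection";
 script_name(english:name["english"]);

 # NOTE(review): the text rates an authentication bypass as "Low", and the
 # finding is raised with security_note() further down. Confirm that this
 # severity is intended.
 desc["english"] = " Synopsis: The remote host appears to be running Ipswitch WhatsUp Professional. Description: This product is used to monitor states of applications, services and hosts. This version is prone to authentication bypass flaw, a malicious user can access your software without having valid credential. See also: http://www.ipswitch.com/products/whatsup/professional/ Risk factor : Low / CVSS Base Score: ?????";
 script_description(english:desc["english"]);

 summary["english"] = "Checks for Ipswitch WhatsUp Professional Authentication Bypass";
 script_summary(english:summary["english"]);

 # ACT_GATHER_INFO: the check is a single GET request.
 script_category(ACT_GATHER_INFO);

 script_copyright(english:"This script is Copyright (C) 2006 David Maciejak");

 family["english"] = "Misc.";
 family["francais"] = "Divers";
 script_family(english:family["english"], francais:family["francais"]);

 script_dependencie("http_version.nasl");
 script_require_ports("Services/www", 80, 8022);
 exit(0);
}

#code

include("http_func.inc");
include("http_keepalive.inc");

# Port 8022 is always probed, in addition to the web ports recorded in the KB
# (or to port 80 when the KB has none).
# NOTE(review): if the KB list already contains 8022, the port is probed
# twice and could be reported twice.
ports = get_kb_list ("Services/www");
if (isnull(ports)) ports = make_list (80,8022);
else ports = make_list (8022, ports);

foreach port (ports)
{
 # Skip ports the scanner does not consider open.
 if (!get_port_state(port)) continue;

 # NOTE(review): the request advertises gzip/deflate. If the server
 # compresses the reply and the HTTP helper does not decode it, the
 # plain-text title match below would miss a vulnerable console. Confirm
 # the helper's behaviour, or stop advertising compression.
 req = string(
  "GET ", "/NmConsole/Navigation.asp", " HTTP/1.1\r\n",
  "Host: ", get_host_name(), "\r\n",
  "User-Agent: Ipswitch/1.0", "\r\n",
  "User-Application: NmConsole", "\r\n",
  "Accept: text/xml,application/xml,application/xhtml+xml,text/html,q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5","\r\n",
  "Accept-Language: en-us,en;q=0.5","\r\n",
  "Accept-Encoding: gzip,deflate","\r\n",
  "Keep-Alive: 300","\r\n",
  "Proxy-Connection: keep-alive","\r\n",
  "Referer: ",get_host_name(),"\r\n","\r\n"
 );

 res = http_keepalive_send_recv(port:port, data:req, bodyonly:FALSE);

 # Fix: the original called exit(0) here, so one silent port (8022 is tried
 # first) ended the whole check and the remaining web ports were never
 # tested. Move on to the next port instead.
 if( res == NULL ) continue;

 # This page title appearing in a reply to an unauthenticated request means
 # the console served its device list without a login.
 if ("Group Device List for My Network - Ipswitch WhatsUp Professional" >< res)
 {
  security_note(port);
 }
}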