#VERSION,2.01
# $Id: nikto_put_del_test.plugin 152 2009-08-13 19:37:44Z deity $

###############################################################################
#  Copyright (C) 2007 CIRT, Inc.
#
#  This program is free software; you can redistribute it and/or
#  modify it under the terms of the GNU General Public License
#  as published by the Free Software Foundation; version 2
#  of the License only.
#
#  This program is distributed in the hope that it will be useful,
#  but WITHOUT ANY WARRANTY; without even the implied warranty of
#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#  GNU General Public License for more details.
#
#  You should have received a copy of the GNU General Public License
#  along with this program; if not, write to the Free Software
#  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
###############################################################################

###############################################################################
# PURPOSE
# Try put and then delete a file
###############################################################################
sub nikto_put_del_test_init
{
   my $id =
   {
      name         => "put_del_test",
      full_name    => "Put/Delete test",
      author       => "Sullo",
      description  => "Attempts to upload and delete files through the PUT and DELETE HTTP methods.",
      scan_method  => \&nikto_put_del_test,
      copyright    => "2008 CIRT Inc."
   };
   return $id;
}

sub nikto_put_del_test
{
   my ($mark)=@_;
    my $msg;

    # PUT a page
    my $uri = "/nikto-test-" . LW2::utils_randstr(8) . ".html";
    (my $RES, $CONTENT) = nfetch($mark,$uri, "PUT", "This was a Nikto test.");

    # Request it back
    if ($RES eq 201)
    {
        (my $RES, $CONTENT) = nfetch($mark,$uri, "GET");
        if ($CONTENT =~ /This was a Nikto test/)
        {
            add_vulnerability($mark,"HTTP method 'PUT' allows clients to save files on the web server.", 999995, 397, "PUT", $uri);

            # we were able to put it there--can we delete it?
            (my $RES, $CONTENT) = nfetch($mark,$uri, "DELETE");
            if ($RES eq 200)
            {
                (my $RES, $CONTENT) = nfetch($mark,$uri, "GET");
                if ($CONTENT !~ /This was a Nikto test/)    # gone now
                {
                    add_vulnerability($mark,"HTTP method 'DELETE' allows clients to delete files on the web server.", 999994, 5646, "DELETE", $uri);
                }
            }
        }
    }
}

1;