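/**
 * Echo an HTML table of the hosts that have a finding for one plugin/script id.
 *
 * The lookup mode selects the query:
 *   - "bysubnets": vuln_subnets joined to vuln_jobs and vuln_nessus_results,
 *     skipping subnets whose status is 'available' or whose serial_flag is not 'N';
 *   - "byage":     vuln_hosts joined to vuln_Incidents that are not 'resolved';
 *   - anything else: vuln_Incidents with status 'open', joined to vuln_hosts.
 *
 * The globals $org and $site, when non-empty, narrow the result to that
 * organisation / site code. When the global $showlive is truthy, each host is
 * passed to check_host() and only hosts with a rating of 3 or more are listed
 * (summary mode only).
 *
 * Security notes:
 *   - $id, $org and $site are bound as query parameters instead of being
 *     interpolated into the SQL text, so quote characters in them cannot alter
 *     the statement.
 *   - Every value read from the database (host names, service names, scanner
 *     message text, ...) is HTML-escaped before output. Scanner output can
 *     carry text chosen by the scanned host, so it is treated as untrusted.
 *   - NOTE(review): the original role check on $uroles only ever assigned an
 *     empty $org_code, so roles never narrowed the filter in this function.
 *     Confirm that access scoping by role is enforced by the caller.
 *
 * @param mixed  $id      Plugin/script id to match against the scriptid column.
 * @param string $lookup  "bysubnets", "byage", or any other value for open incidents.
 * @param mixed  $details "1" (loosely compared) for one detail row per finding;
 *                        otherwise a summary block followed by a host list.
 * @return void Output is echoed.
 */
function script_id($id, $lookup, $details)
{
    global $showlive, $org, $site, $dbconn;

    $dbconn->SetFetchMode(ADODB_FETCH_BOTH);

    // Single escaping helper for every untrusted value placed into HTML.
    $escape = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };

    // Optional org/site restriction, appended AFTER the fixed conditions.
    // The original placed " AND ..." directly after WHERE in two of the three
    // queries, which produced invalid SQL whenever a filter was active.
    $filterSql = '';
    $filterParams = array();
    if ($org) {
        $filterSql .= ' AND ORG=?';
        $filterParams[] = $org;
    }
    if ($site) {
        $filterSql .= ' AND site_code=?';
        $filterParams[] = $site;
    }

    switch ($lookup) {
        case "bysubnets":
            $query = "SELECT t1.site_code, t1.ORG, t3.hostip, t3.hostname, t1.dtLastScanned, t3.service, t3.risk, t3.msg
                FROM vuln_subnets t1
                LEFT JOIN vuln_jobs t2 ON t1.CIDR = t2.fk_name
                    AND ( t2.scan_SUBMIT >= t1.dtLastScanned OR t1.report_id = t2.report_id )
                LEFT JOIN vuln_nessus_results t3 ON t2.report_id = t3.report_id
                WHERE t1.status != 'available' AND t1.serial_flag='N' AND
                t3.scriptid=?{$filterSql} GROUP BY t3.hostip ORDER BY INET_NTOA(t3.hostip) ASC";
            break;

        case "byage":
            // The original invoked subtractTime() with all-zero arguments and
            // discarded the result; the call is kept in case it has side effects.
            subtractTime(0, 0, 0, 0, 0, 0);
            $query = "SELECT t1.site_code, t1.ORG, t1.hostip, t1.hostname, t1.lastscandate, t2.service, t2.risk, t2.msg
                FROM vuln_hosts t1
                LEFT JOIN vuln_Incidents t2 ON t1.id = t2.host_id
                WHERE t2.status != 'resolved' AND t2.scriptid=?{$filterSql}
                GROUP BY t2.host_id ORDER BY t1.site_code";
            break;

        default:
            $query = "SELECT t2.site_code, t2.ORG, t2.hostip, t2.hostname, t2.lastscandate, t1.service, t1.risk, t1.msg
                FROM vuln_Incidents t1
                LEFT JOIN vuln_hosts t2 on t1.host_id=t2.id
                WHERE t1.scriptid=? and t1.status = 'open' {$filterSql} ORDER BY t2.ORG,t2.site_code,t2.lastscandate";
            break;
    }

    // In all three statements the script id placeholder comes first, followed
    // by the filter placeholders in the order they were appended. The id is
    // cast to string so it is quoted as in the original statement.
    $params = array_merge(array((string) $id), $filterParams);
    $result = $dbconn->Execute($query, $params);

    // The original interpolated an undefined $pid here, which rendered as an
    // empty string; the emitted markup is kept unchanged.
    echo "<table summary=\"Plugin Matches [ <font color=red></a> ]\" border=\"1\" width=\"100%\">";

    if (!$result) {
        // Keep database error text out of the page; record it server-side only.
        error_log('script_id: query failed: ' . $dbconn->ErrorMsg());
        echo "<tr><td colspan=7>Unable to load results.</td></tr>";
        echo "</table>";
        return;
    }

    // Loose comparison kept so callers passing 1, "1" or true behave as before.
    $showDetails = ($details == "1");

    if ($showDetails) {
        echo "<tr><td colspan=7><h4>Vulnerabilities \nfound:</h4></tr>\n\t\t<tr>\n\t\t\t<td><font face=\"Verdana\" color=\"#666666\" size=\"4\"><b>Host </b></font></td>\n \t\t<td><font face=\"Verdana\" color=\"#666666\" size=\"4\"><b>Severity </b></font></td>\n \t\t<td colspan=5><font face=\"Verdana\" color=\"#666666\" size=\"4\"><b>Description </b></font></td>\n \t</tr>";
    } else {
        echo "<tr><td colspan=7><h4>Vulnerabilities found:</h4></tr>";
    }

    $rowsHtml = "";
    $count = 0;

    while (!$result->EOF) {
        list($sCODE, $sORG, $hostIP, $hostname, $lastscanned, $service, $risk, $msg) = $result->fields;
        $count++;

        // Message text is handled as plain text: strip leading blanks, wrap the
        // RAW text at 100 columns (so an HTML entity is never split), escape it,
        // and only then turn line breaks into <br>.
        $msgText = preg_replace("/^[ \t]*/", "", (string) $msg);
        $msgText = wordwrap($msgText, 100, "\n", true);
        $msgHtml = str_replace("\n", "<br>", $escape($msgText));

        $serviceHtml = $escape($service);

        if ($showDetails) {
            $rowsHtml .= "<tr>\n\t\t\t<td>" . $escape($hostIP) . "<br>" . $escape($hostname) . "</td>\n \t\t<td>{$serviceHtml}<br>" . getrisk($risk) . "</td>\n \t\t<td colspan=5>{$msgHtml}</td>\n \t</tr>";
        } else {
            if ($rowsHtml == "") {
                // First row: emit the finding summary, the legend, and the
                // column headings of the host list.
                $legendcode = "</table><br>" . printLegend() . "<br><table border=\"1\" width=\"100%\">";
                $rowsHtml .= "<tr><td>RISK</td><td colspan=6>" . getrisk($risk) . "</td></tr>\n \t\t<tr><td>SERVICE</td><td colspan=6>{$serviceHtml}</td></tr>\n \t\t<tr><td>MSG</td><td colspan=6>{$msgHtml}</td></tr>\n\t\t\t\t<tr><td colspan=7> </td></tr>\n\t\t\t\t{$legendcode}\n\t\t\t\t<tr><td colspan=7><h4>VULNERABLE HOSTS</h4></td></tr>\n\t\t\t\t<tr><td colspan=7> </td></tr>\n\t\t\t\t<tr><td>COUNT</td>\n\t\t\t\t\t<td>STATUS</td>\n\t\t\t\t\t<td>HOSTIP</td>\n\t\t\t\t\t<td>HOSTNAME</td>\n\t\t\t\t\t<td>SITE</td>\n\t\t\t\t\t<td>ORG</td>\n\t\t\t\t\t<td>LastScanned</td>\n\t\t\t\t</tr>";
            }

            // Defined on every iteration so the row below never reads an
            // unset variable when $showlive is off (renders empty, as before).
            $rating = "";
            $rating_color = "";

            if ($showlive) {
                $arrHOST = check_host($hostname, $hostIP);
                if ($arrHOST['hostname']) {
                    $hostname = $arrHOST['hostname'];
                }
                if ($arrHOST['hostip']) {
                    $hostIP = $arrHOST['hostip'];
                }
                $rating = $arrHOST['rating'];
                $rating_color = $arrHOST['rating_color'];
            }

            if ($sCODE == $sORG) {
                $sORG = " "; // no reason to show it twice
            }

            if (!$showlive || $rating >= 3) {
                $rowsHtml .= "<tr>\n \t\t<td>[{$count}]</td>\n \t\t<td bgcolor=\"" . $escape($rating_color) . "\">" . $escape($rating) . "</td>\n \t\t<td>" . $escape($hostIP) . "</td>\n \t\t<td>" . $escape($hostname) . "</td>\n \t\t<td>" . $escape($sCODE) . "</td>\n \t\t<td>" . $escape($sORG) . "</td>\n \t\t<td>" . $escape($lastscanned) . "</td>\n \t\t</tr>";
            }
        }

        $result->MoveNext();
    }

    echo $rowsHtml;
    echo "</table>";
}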
<?php include "../config.php"; include "../functions.php"; $operazione = $_POST['operazione']; printHTMLHead($stylefile, $jsfile); print "<table width=100%><tr><td valign=top><a href='../home.php'><img src='{$img_home}' width=35px height=35px></a></td>"; print "<td>"; printLegend($img_cube, $img_mea, $img_dim, $img_hier, $img_lev, $img_prop); print "</td></tr></table>"; print "<center>"; print "<form id='form_report' name='form_report' action='../olap/report.php' method='post'>"; print "<table cellspacing=5 cellpadding=5 width=100% border=0>"; print "<tr>"; print "<td width=30% valign='top'>"; print "<script>init_images('{$img_minus}','{$img_plus}')</script>"; include_once "cubes.php"; print "<p>"; print "<div id='divTree'>"; print "</div>"; print "</td>"; print "<td valign=top align=center>"; //*************************************************REPORT ************************************************** print "<table border=1 id='report'>"; print "<tr id='rep_header'>"; print "</tr>"; print "</table>"; //print "<p><a style='width:120px' class='button' href='#' onclick='invia(\"form_report\")'>Create Report</a>"; print "<p><a style='width:120px' class='button' href='#' onClick='check_cube2()'>Create Report</a>"; print "<br>"; //**********************************************Selected Data