function result_id($eventid)
{
global $userinfo, $user_sites, $dbconn;
$dbconn->SetFetchMode(ADODB_FETCH_BOTH);
$query = "SELECT hostip, hostname, service, risk, msg \n FROM vuln_nessus_results\n WHERE result_id='{$eventid}' LIMIT 1";
$result = $dbconn->execute($query);
$numrows = $result->NumRows();
echo "sql={$query}<br>";
if ($numrows < 1) {
die("<h3><font color=red>No Results</font></h3>");
}
echo "<table summary=\"Plugin Matches [ <font color=red>{$pid}</a> ]\" border=\"1\" width=\"100%\">";
if ($details == "1") {
echo <<<EOT
<tr><td colspan=4><h4>Vulnerabilities found:</h4></tr>
<tr>
<td><font face="Verdana" color="#666666" size="4"><b>Host </b></font></td>
<td><font face="Verdana" color="#666666" size="4"><b>Severity </b></font></td>
<td><font face="Verdana" color="#666666" size="4"><b>Description </b></font></td>
</tr>
EOT;
} else {
echo "<tr><td colspan=4><h4>Vulnerabilities found:</h4></tr>";
}
$htmldetails = "";
$i = 0;
while (!$result->EOF) {
list($hostIP, $hostname, $service, $risk, $msg) = $result->fields;
$i = $i += 1;
$msg = preg_replace("/^[ \t]*/", "", $msg);
$msg = wordwrap(preg_replace("/\n/", "<br>", $msg), 100, "<br>", 1);
$msg = hyperlink($msg);
if ($details == "1") {
$htmldetails .= "<tr>\n <td>{$hostIP}<br>{$hostname}</td>\n <td>{$service}<br>" . getrisk($risk) . "</td>\n <td>{$msg}</td>\n</tr>";
} else {
$htmldetails .= "<tr><td>RISK</td><td colspan=4>" . getrisk($risk) . "</td></tr>\n<tr><td>SERVICE</td><td colspan=4>{$service}</td></tr>\n<tr><td>MSG</td><td colspan=4>{$msg}</td></tr>\n<tr><td colspan=4> </td></tr>\n<tr><td colspan=4><h4>VULNERABLE HOSTS</h4></td></tr>\n<tr><td colspan=4> </td></tr>\n<tr><td>HOSTIP</td><td>HOSTNAME</td><td>SITE</td><td>Location</td></tr>\n<tr><td>[{$i}] {$hostIP}</td><td>{$hostname}</td>\n <td> {$sCODE}</td><td>{$sORG}</td></tr>";
}
}
echo $htmldetails;
echo "</table>";
}
$pdf->Cell(95, 6, $hostIP, 1, 0, 'C', 1);
$pdf->Cell(95, 6, $hostname, 1, 0, 'C', 1);
//$pdf->Cell(105, 6, "",1,0,'C');
$pdf->SetFont('', '');
$pdf->Ln();
// now iterate through the scan results for this IP
$all_results = array();
foreach ($scanData as $vuln) {
$exception = "";
$risk_value = $vuln['risk'];
$actual_risk = getrisk($risk_value);
if ($vuln['exception'] != "") {
$exception = "\n" . _("EXCEPTION") . ": {$vuln['exception']}\n";
$risk_value = 8;
}
$risk = getrisk($risk_value);
$info = "";
if ($exception != "") {
$info .= "\n{$exception}";
}
$info .= "\n" . $vuln["pname"];
$info .= "\nRisk:" . $actual_risk;
$info .= "\nApplication:" . $vuln["application"];
$info .= "\nPort:" . $vuln["port"];
$info .= "\nProtocol:" . $vuln["protocol"];
$info .= "\nScriptID:" . $vuln["scriptid"] . "\n\n";
#$info=htmlspecialchars_decode($info);
$msg = trim($vuln['msg']);
$msg = htmlspecialchars_decode($msg);
$msg = preg_replace('/^\\n+/', '', $msg);
$msg = str_replace("'", "'", $msg);
} elseif (preg_match("/cve : (.*)\n?/i", $msg, $found)) {
$cves = str_replace(", ", "<br />", $found[1]);
} else {
$cves = "-";
}
if ($hostname == "") {
$hostname = "unknown";
}
$tmpport1 = preg_split("/\\(|\\)/", $service);
if (sizeof($tmpport1) == 1) {
$tmpport1[1] = $tmpport1[0];
}
$tmpport2 = preg_split("/\\//", $tmpport1[1]);
$service_num = $tmpport2[0];
$service_proto = $tmpport2[1];
$risk_txt = getrisk($risk);
$row[] = $hostname;
$row[] = $hostip;
$row[] = $service;
$row[] = $scriptid;
$row[] = $cvss;
$row[] = $cves;
$row[] = $risk_txt;
$plugin_info = $dbconn->execute("SELECT t2.name, t3.name, t1.copyright, t1.summary, t1.version \n FROM vuln_nessus_plugins{$feed} t1\n LEFT JOIN vuln_nessus_family{$feed} t2 on t1.family=t2.id\n LEFT JOIN vuln_nessus_category{$feed} t3 on t1.category=t3.id\n WHERE t1.id='{$scriptid}'");
list($pfamily, $pcategory, $pcopyright, $psummary, $pversion) = $plugin_info->fields;
$pinfo = array();
if ($pfamily != "") {
$pinfo[] = 'Family name: ' . trim(strip_tags($pfamily));
}
if ($pcategory != "") {
$pinfo[] = 'Category: ' . trim(strip_tags($pcategory));
function origdetails()
{
global $uroles, $user, $sid, $query_risk, $border, $report_id, $scantime, $scantype, $fp, $nfp, $filterip, $enableFP, $enableNotes, $output, $sortby, $dbconn, $arruser;
global $treport, $ipl, $query_byuser, $ips_inrange, $ctx, $key;
$colors = array("Serious" => "#FFCDFF", "High" => "#FFDBDB", "Medium" => "#FFF283", "Low" => "#FFFFC0", "Info" => "#FFFFE3");
$images = array("Serious" => "./images/risk1.gif", "High" => "./images/risk2.gif", "Medium" => "./images/risk3.gif", "Low" => "./images/risk6.gif", "Info" => "./images/risk7.gif");
$levels = array("Serious" => "1", "High" => "2", "Medium" => "3", "Low" => "6", "Info" => "7");
$query_host = '';
if ($filterip) {
$query_host = " AND hostip='{$filterip}'";
}
echo "<center>";
echo "<form>";
echo "<table width=\"900\" class=\"noborder\" style=\"background:transparent;\">";
echo "<tr><td style=\"text-align:left;\" class=\"nobborder\">";
echo "<input id=\"checkboxFP\" type=\"checkbox\" onclick=\"showFalsePositives()\"> <span style=\"color:black\">" . _("View false positives") . "</span>";
echo "</td><td class=\"nobborder\" style=\"text-align:center;\">";
// print the icon legend
if ($enableFP) {
echo "<img alt='True' src='images/true.gif' border=0 align='absmiddle'> - " . _("True result") . " ";
echo "<img alt='False' src='images/false.png' border=0 align='absmiddle'> - " . _("False positive result") . " ";
}
$feed = exists_feed_tables($dbconn);
echo "<img alt='Info' src='images/info.png' border=0 align='absmiddle'> - " . _("Additional information is available");
echo "</td></tr></table>";
echo "</form>";
echo "<br>";
$perms_where = Session::get_ctx_where() != "" ? " AND res.ctx in (" . Session::get_ctx_where() . ")" : "";
if ($ipl == "all") {
$query = "select distinct res.hostIP, HEX(res.ctx) as ctx\n from vuln_nessus_latest_results res\n where falsepositive='N' \n {$perms_where}\n {$query_byuser}";
} else {
if (!empty($ipl) && !empty($ctx)) {
$query = "select distinct res.hostIP, HEX(res.ctx) as ctx\n from vuln_nessus_latest_results res\n where falsepositive='N' \n and res.hostIP='{$ipl}'\n and res.ctx=UNHEX('{$ctx}')\n {$perms_where}\n {$query_byuser}";
} else {
if (!empty($scantime) && !empty($key)) {
$query = "select distinct res.hostIP, HEX(res.ctx) as ctx\n from vuln_nessus_latest_results res, vuln_nessus_latest_reports rep\n where res.falsepositive='N'\n and res.scantime='{$scantime}' \n and res.hostIP=rep.hostIP\n and res.ctx=rep.ctx\n and res.username=rep.username\n and res.sid=rep.sid\n {$perms_where}\n and rep.report_key='{$key}' {$query_byuser}";
}
}
}
$resultp = $dbconn->execute($query);
$host_range = array_keys($ips_inrange);
while (list($hostip, $hostctx) = $resultp->fields) {
$host_id = key(Asset_host::get_id_by_ips($dbconn, $hostip, $hostctx));
if (valid_hex32($host_id)) {
$hostname = Asset_host::get_name_by_id($dbconn, $host_id);
} else {
$hostname = _('unknown');
}
if (in_array($hostip . ";" . $hostctx, $host_range)) {
echo "<div class='hostip'>";
echo "<br><font color='red'><b><a name='{$hostip};{$hostctx}' href='javascript:;' ctx='{$hostctx}' id='{$hostip};{$hostname}' class='HostReportMenu'>{$hostip} - {$hostname}</a></b></font>";
echo "<br><br><table summary=\"{$hostip} - " . _("Reported Ports") . "\">";
echo "<tr><th colspan=2>" . _("Reported Ports") . "</th></tr>";
if (!empty($scantime) && !empty($key)) {
$query = "select distinct res.port, res.protocol\n from vuln_nessus_latest_results res, vuln_nessus_latest_reports rep\n where res.falsepositive='N'\n and res.scantime='{$scantime}' \n and res.hostIP=rep.hostIP\n and res.ctx=rep.ctx\n and res.username=rep.username\n and res.sid=rep.sid\n and res.hostIP='{$hostip}'\n and res.ctx='{$hostctx}'\n and rep.report_key='{$key}' {$query_byuser}) as t group by risk";
} else {
$query = "select distinct res.port, res.protocol\n from vuln_nessus_latest_results res \n where hostip='{$hostip}' and ctx=UNHEX('{$hostctx}') {$query_byuser} AND port > '0' ORDER BY port ASC";
}
$result1 = $dbconn->execute($query);
$k = 1;
$pos = '';
if (!$result1->fields) {
print "<tr><td>" . _("No reported ports found") . "</td></tr>";
} else {
while (list($port, $proto) = $result1->fields) {
if ($k % 2) {
echo "<tr><td>{$port}/{$proto}</td>";
$pos = "open";
} else {
echo "<td>{$port}/{$proto}</td></tr>";
$pos = "closed";
}
$k++;
$result1->MoveNext();
}
// end while
// close up the table
if ($pos != "closed") {
echo "<td> </td></tr>";
}
}
echo "</table><br/>";
echo "<table width='900' summary='{$hostip} - risks'><tr>";
echo "<th>" . _("Vuln Name") . "</th>";
echo "<th>" . _("VulnID") . "</th>";
echo "<th>" . _("Service") . "</th>";
echo "<th>" . _("Severity") . "</th>";
echo "</tr>";
if (!empty($scantime) && !empty($key)) {
if ($feed) {
$query = "select res.result_id, res.service, res.risk, res.falsepositive, res.scriptid, v.name, res.msg, rep.sid\n from vuln_nessus_latest_results AS res LEFT JOIN vuln_nessus_plugins AS v ON v.id=res.scriptid, vuln_nessus_latest_reports rep\n where res.msg<>''\n and res.scantime='{$scantime}' \n and res.hostIP=rep.hostIP\n and res.ctx=rep.ctx\n and res.hostIP='{$hostip}'\n and res.ctx=UNHEX('{$hostctx}')\n and res.username=rep.username\n and res.sid=rep.sid\n and rep.report_key='{$key}' and rep.sid>=0 {$query_byuser}\n UNION DISTINCT\n select res.result_id, res.service, res.risk, res.falsepositive, res.scriptid, v.name, res.msg, rep.sid\n from vuln_nessus_latest_results AS res LEFT JOIN vuln_nessus_plugins_feed AS v ON v.id=res.scriptid, vuln_nessus_latest_reports rep\n where res.msg<>''\n and res.scantime='{$scantime}' \n and res.hostIP=rep.hostIP\n and res.ctx=rep.ctx\n and res.hostIP='{$hostip}'\n and res.ctx=UNHEX('{$hostctx}')\n and res.username=rep.username\n and res.sid=rep.sid\n and rep.report_key='{$key}' and rep.sid<0 {$query_byuser}\n ";
} else {
$query = "select res.result_id, res.service, res.risk, res.falsepositive, res.scriptid, v.name, res.msg, rep.sid\n from vuln_nessus_latest_results AS res LEFT JOIN vuln_nessus_plugins AS v ON v.id=res.scriptid, vuln_nessus_latest_reports rep\n where res.msg<>''\n and res.scantime='{$scantime}' \n and res.hostIP=rep.hostIP\n and res.ctx=rep.ctx\n and res.hostIP='{$hostip}'\n and res.ctx=UNHEX('{$hostctx}')\n and res.username=rep.username\n and res.sid=rep.sid\n and rep.report_key='{$key}' {$query_byuser}";
}
} else {
if ($feed) {
$query = "select res.result_id, res.service, res.risk, res.falsepositive, res.scriptid, v.name, res.msg, rep.sid\n FROM vuln_nessus_latest_results res LEFT JOIN vuln_nessus_plugins AS v ON v.id=res.scriptid, vuln_nessus_latest_reports rep\n WHERE\n res.hostIP=rep.hostIP\n and res.ctx=rep.ctx\n and res.username=rep.username\n and res.sid=rep.sid\n and res.hostIP='{$hostip}'\n and res.ctx=UNHEX('{$hostctx}')\n {$query_byuser} and msg<>'' and rep.sid>=0\n UNION DISTINCT\n select res.result_id, res.service, res.risk, res.falsepositive, res.scriptid, v.name, res.msg, rep.sid\n FROM vuln_nessus_latest_results res LEFT JOIN vuln_nessus_plugins_feed AS v ON v.id=res.scriptid, vuln_nessus_latest_reports rep\n WHERE\n res.hostIP=rep.hostIP\n and res.ctx=rep.ctx\n and res.username=rep.username\n and res.sid=rep.sid\n and res.hostIP='{$hostip}'\n and res.ctx=UNHEX('{$hostctx}')\n {$query_byuser} and msg<>'' and rep.sid<0";
} else {
$query = "select res.result_id, res.service, res.risk, res.falsepositive, res.scriptid, v.name, res.msg, rep.sid\n FROM vuln_nessus_latest_results res LEFT JOIN vuln_nessus_plugins AS v ON v.id=res.scriptid, vuln_nessus_latest_reports rep\n WHERE\n res.hostIP=rep.hostIP\n and res.ctx=rep.ctx\n and res.username=rep.username\n and res.sid=rep.sid\n and res.hostIP='{$hostip}'\n and res.ctx=UNHEX('{$hostctx}')\n {$query_byuser} and msg<>''";
}
}
$query .= " group by risk, port, protocol, app, scriptid, msg order by risk";
$result1 = $dbconn->execute($query);
$arrResults = array();
while (list($result_id, $service, $risk, $falsepositive, $scriptid, $pname, $msg, $sid) = $result1->fields) {
$tmpport1 = preg_split("/\\(|\\)/", $service);
if (sizeof($tmpport1) == 1) {
$tmpport1[1] = $tmpport1[0];
}
$tmpport2 = preg_split("/\\//", $tmpport1[1]);
$service_num = $tmpport2[0];
$service_proto = $tmpport2[1];
$arrResults[] = array($service_num, $service_proto, $service, $risk, $falsepositive, $result_id, $msg, $scriptid, $pname, $sid);
$result1->MoveNext();
}
if (empty($arrResults)) {
// empty, print out message
echo "<tr><td colspan='4'>" . _("No vulnerability results matching this reports filtering criteria were found") . ".</td></tr>";
}
foreach ($arrResults as $arrkey => $value) {
list($service_num, $service_proto, $service, $risk, $falsepositive, $resid, $msg, $scriptid, $pname, $sid) = $value;
$msg = preg_replace("/^[ \t]*/", "", $msg);
$cves_found = "";
if (preg_match_all("/CVE\\-\\d+\\-\\d+/i", $msg, $found)) {
$cves_found = implode(" ", $found[0]);
}
$msg = preg_replace("/[\n\r]/", "<br>", $msg);
$msg = wordwrap($msg, 100, "<br>", 1);
$tmprisk = getrisk($risk);
$msg = preg_replace("/^\\<br\\>/i", "", str_replace("\\r", "", $msg));
$msg = preg_replace("/(Solution|Summary|Details|Overview|Synopsis|Description|See also|Plugin output|References|Vulnerability Insight|Vulnerability Detection|Impact|Impact Level|Affected Software\\/OS|Fix|Information about this scan)\\s*:/", "<b>\\1:</b>", $msg);
// output the table cells
$ancla = $hostip . "_" . $hostctx . "_" . $levels[$tmprisk];
$pname = $pname != "" ? $pname : _("No name");
echo "<tr " . ($falsepositive == 'Y' ? "class=\"trsk risk{$risk} fp\"" : "class=\"trsk risk{$risk}\"") . "style=\"background-color:" . $colors[$tmprisk] . ($falsepositive == 'Y' ? ";display:none;" : "") . "\">";
//echo "<tr>";
echo "<td width=\"50%\" style=\"padding:3px 0px 3px 0px;\"><b>" . $pname . "</b></td>";
echo "<td style=\"padding:3px 0px 3px 0px;\">{$scriptid}</td>";
?>
<td style="padding:3px;" width="180"><?php
echo $service;
?>
</td>
<td style="text-align:center;">
<?php
echo $tmprisk;
?>
<img align="absmiddle" src="<?php
echo $images[$tmprisk];
?>
" style="border: 1px solid ; width: 25px; height: 10px;">
</td>
</tr>
<?php
echo "<tr " . ($falsepositive == 'Y' ? "class=\"trsk risk{$risk} fp\"" : "class=\"trsk risk{$risk}\"") . "style=\"background-color:" . $colors[$tmprisk] . ($falsepositive == 'Y' ? ";display:none;" : "") . "\">";
?>
<td style="padding:3px 0px 3px 6px;text-align:left;">
<a class="msg" name="<?php
echo $resid;
?>
"></a>
<a name="<?php
echo $ancla;
?>
"></a>
<?php
echo $msg;
?>
<font size="1">
<br><br>
</font>
<?php
if ($cves_found != '') {
?>
<a title="<?php
echo _("Info from cve.mitre.org");
?>
" target="cve_mitre_org" href="http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=<?php
echo urlencode($cves_found);
?>
"><img src="images/cve_mitre.png" border='0'></a>
<!--Add link to popup with Script Info-->
<?php
}
if ($scriptid != "0") {
?>
<!--Add link to popup with Script Info-->
<div lid="<?php
echo $scriptid;
?>
" style="text-decoration:none;display:inline" class="scriptinfo"><img alt="Info" src="images/info.png" border=0></div>
<?php
}
$tmpu = array();
$url = "";
foreach ($_GET as $kget => $vget) {
if ($kget != "pluginid" && $kget != "nfp" && $kget != "fp") {
$tmpu[] = Util::htmlentities($kget) . "=" . urlencode($vget);
}
}
$url = implode("&", $tmpu);
if ($falsepositive == "Y") {
?>
<a href="<?php
echo $_SERVER['SCRIPT_NAME'] . '?' . $url;
?>
&nfp=<?php
echo $resid;
?>
">
<img alt="<?php
echo _("Clear false positive");
?>
" src='images/false.png' title='<?php
echo _("Clear false positive");
?>
' border='0' />
</a>
<?php
} else {
?>
<a href="<?php
echo $_SERVER['SCRIPT_NAME'] . '?' . $url;
?>
&fp=<?php
echo $resid;
?>
">
<img alt="<?php
echo _("Mark as false positive");
?>
" src='images/true.gif' title='<?php
echo _("Mark as false positive");
?>
' border='0' />
</a>
<?php
}
$pticket = "ref=Vulnerability&title=" . urlencode($pname) . "&priority=1&ip=" . urlencode($hostip) . "&port=" . urlencode($service_num) . "&nessus_id=" . urlencode($scriptid) . "&risk=" . urlencode($tmprisk) . "&type=" . urlencode("Nessus Vulnerability");
echo "<a title=\"" . _("New ticket") . "\" class=\"greybox\" href=\"../incidents/newincident.php?{$pticket}\"><img style=\"padding-bottom:2px;\" src=\"../pixmaps/script--pencil.png\" border=\"0\" alt=\"i\" width=\"12\"></a> ";
?>
</td>
<?php
if ($sid < 0) {
$plugin_info = $dbconn->execute("SELECT t2.name, t3.name, t1.copyright, t1.summary, t1.version \n FROM vuln_nessus_plugins_feed t1\n LEFT JOIN vuln_nessus_family_feed t2 on t1.family=t2.id\n LEFT JOIN vuln_nessus_category_feed t3 on t1.category=t3.id\n WHERE t1.id='{$scriptid}'");
} else {
$plugin_info = $dbconn->execute("SELECT t2.name, t3.name, t1.copyright, t1.summary, t1.version \n FROM vuln_nessus_plugins t1\n LEFT JOIN vuln_nessus_family t2 on t1.family=t2.id\n LEFT JOIN vuln_nessus_category t3 on t1.category=t3.id\n WHERE t1.id='{$scriptid}'");
}
list($pfamily, $pcategory, $pcopyright, $psummary, $pversion) = $plugin_info->fields;
?>
<td colspan="3" valign="top" style="text-align:left;padding:3px;">
<?php
$plugindetails = '';
if ($pfamily != '') {
$plugindetails .= '<b>Family name:</b> ' . $pfamily . '<br><br>';
}
if ($pcategory != '') {
$plugindetails .= '<b>Category:</b> ' . $pcategory . '<br><br>';
}
if ($pcopyright != '') {
$plugindetails .= '<b>Copyright:</b> ' . $pcopyright . '<br><br>';
}
if ($psummary != '') {
$plugindetails .= '<b>Summary:</b> ' . $psummary . '<br><br>';
}
if ($pversion != '') {
$plugindetails .= '<b>Version:</b> ' . $pversion . '<br><br>';
}
echo $plugindetails;
?>
</td>
</tr>
<?php
$result1->MoveNext();
}
echo "</table>";
echo "</div>";
}
$resultp->MoveNext();
}
echo "</center>";
}
?>
">
<td colspan="8" style="text-align:left;padding:0px 10px 10px 10px;background-color:<?php
echo $colors[$value["risk"]];
?>
">
<?php
echo $value["msg"];
?>
</td>
</tr>
<?php
$j++;
}
foreach ($report2_data as $key => $value) {
$tmprisk = getrisk($value["risk"]);
$value["msg"] = preg_replace("/^[ \t]*/", "", $value["msg"]);
$value["msg"] = preg_replace("/\n/", "<br>", $value["msg"]);
$value["msg"] = preg_replace("/^\\<br\\>/i", "", str_replace("\\r", "", $value["msg"]));
$value["msg"] = preg_replace("/(Solution|Overview|Synopsis|Description|See also|Plugin output|References|Vulnerability Insight|\n Impact|Impact Level|Affected Software\\/OS|Fix|Information about this scan)\\s*:/", "<br /><strong>\\1:</strong><br />", $value["msg"]);
?>
<tr>
<td colspan="4" width="50%" style="text-align:center;background-color:#FFEFF3;">
</td>
<td colspan="4" width="50%" style="text-align:center;background-color:<?php
echo $colors[$value["risk"]];
?>
">
<?php
if ($report2_data[$key] != "") {
function origdetails()
{
global $uroles, $user, $sid, $query_risk, $border, $report_id, $scantime, $scantype, $fp, $nfp, $filterip, $enableFP, $enableNotes, $enableException, $output, $sortby, $dbconn, $arruser;
global $treport, $ipl, $query_byuser, $ips_inrange;
$enableException = 0;
$colors = array("Serious" => "#FFCDFF", "High" => "#FFDBDB", "Medium" => "#FFF283", "Low" => "#FFFFC0", "Info" => "#FFFFE3");
$images = array("Serious" => "./images/risk7.gif", "High" => "./images/risk6.gif", "Medium" => "./images/risk3.gif", "Low" => "./images/risk2.gif", "Info" => "./images/risk1.gif");
$levels = array("Serious" => "1", "High" => "2", "Medium" => "3", "Low" => "6", "Info" => "7");
$query_host = "";
if ($filterip) {
$query_host = " AND hostip='{$filterip}'";
}
echo "<center>";
echo "<form>";
echo "<table width=\"900\" class=\"noborder\" style=\"background:transparent;\">";
echo "<tr><td style=\"text-align:left;\" class=\"nobborder\">";
echo "<input id=\"checkboxFP\" type=\"checkbox\" onclick=\"showFalsePositives()\"> <span style=\"color:black\">" . _("View false positives") . "</span>";
echo "</td><td class=\"nobborder\" style=\"text-align:center;\">";
// print the icon legend
if ($enableFP) {
echo "<img alt='True' src='images/true.gif' border=0 align='absmiddle'> - " . _("True result") . " ";
echo "<img alt='False' src='images/false.png' border=0 align='absmiddle'> - " . _("False positive result") . " ";
}
if ($enableNotes) {
echo "<img alt='Note' src='images/note.png' border=0 align='absmiddle'> - " . _("Add a custom note") . " ";
}
echo "<img alt='Info' src='images/info.png' border=0 align='absmiddle'> - " . _("Additional information is available");
echo "</td></tr></table>";
echo "</form>";
echo "<br>";
//$query ="select distinct hostip, hostname from vuln_nessus_results where report_id='$report_id' $query_host order by INET_ATON(hostip) ASC";
if ($ipl == "all") {
$query = "SELECT distinct t1.hostip, t2.hostname\n FROM vuln_nessus_latest_results t1\n LEFT JOIN host t2 on t1.hostip = t2.ip " . (in_array("admin", $arruser) ? "" : "WHERE username in ('{$user}') ") . "ORDER BY hostip ASC";
} else {
$query = "SELECT distinct t1.hostip, t2.hostname\n FROM " . ($treport == "latest" || $ipl != "" ? "vuln_nessus_latest_results" : "vuln_nessus_results") . " t1\n LEFT JOIN host t2 on t1.hostip = t2.ip\n WHERE report_id in ({$report_id}) " . ($treport == "latest" || $ip != "" ? " and sid in ({$sid})" : " ") . " {$query_host}" . (!in_array("admin", $arruser) && ($treport == "latest" || $ipl != "") ? " AND username in ('{$user}') " : " ") . "ORDER BY INET_ATON(hostip) ASC";
}
$resultp = $dbconn->execute($query);
$host_range = array_keys($ips_inrange);
while (list($hostip, $hostname) = $resultp->fields) {
if ($hostname == "") {
$hostname = "unknown";
}
if (in_array($hostip, $host_range)) {
if ($output == "min") {
echo "<h3>" . _("Details for Serious, High, Medium and Medium/Low severity risks only") . ".</h3>";
}
echo "<div class='hostip'>";
echo <<<EOT
<br><font color="red"><b><a name="{$hostip}">{$hostip} - {$hostname}</a></b></font>
EOT;
echo "<table summary=\"{$hostip} - " . _("Reported Ports") . "\">";
echo "<tr><th colspan=2>" . _("Reported Ports") . "</th></tr>";
// get the "open ports" this replaced an approroacj requiring risk 7 and an empty msg cell
if ($ipl == "all") {
$query = "SELECT DISTINCT `port` , `protocol` FROM vuln_nessus_latest_results \n \t\tWHERE hostip='{$hostip}' {$query_byuser} AND port > '0' ORDER BY port ASC";
} else {
$query = "SELECT DISTINCT `port` , `protocol` FROM `" . ($treport == "latest" || $ipl != "" ? "vuln_nessus_latest_results" : "vuln_nessus_results") . "` \n \t\tWHERE report_id in ({$report_id})" . ($treport == "latest" || $ipl != "" ? " and sid in ({$sid})" : " ") . ($scantime != "" ? " AND scantime={$scantime}" : "") . (!in_array("admin", $arruser) && ($treport == "latest" || $ipl != "") ? " AND username in ('{$user}') " : " ") . " AND hostip='{$hostip}' AND port > '0' ORDER BY port ASC";
}
$result1 = $dbconn->execute($query);
//$arrResults="";
$k = 1;
$pos = "";
if (!$result1->fields) {
print "<tr><td>" . _("No reported ports found") . "</td></tr>";
} else {
while (list($port, $proto) = $result1->fields) {
if ($k % 2) {
echo "<tr><td>{$port}/{$proto}</td>";
$pos = "open";
} else {
echo "<td>{$port}/{$proto}</td></tr>";
$pos = "closed";
}
$k++;
$result1->MoveNext();
}
// end while
// close up the table
if ($pos != "closed") {
echo "<td> </td></tr>";
}
}
echo "</table><p></p>";
echo <<<EOT
<table width="900" summary="{$hostip} - risks">
<tr>
EOT;
echo "<th>" . _("Vuln Name") . "</th>";
echo "<th>" . _("VulnID") . "</th>";
echo "<th>" . _("Service") . "</th>";
echo "<th>" . _("Severity") . "</th>";
echo "</tr>";
if ($ipl == "all") {
$query = "select distinct 0, r.service, r.risk, r.falsepositive, r.scriptid, v.name, r.msg\n FROM vuln_nessus_latest_results as r\n LEFT JOIN vuln_nessus_plugins as v ON v.id=r.scriptid\n WHERE hostip='{$hostip}' {$query_byuser} and msg<>''";
/* $query_msg = "select r.msg from vuln_nessus_latest_results as r
LEFT JOIN vuln_nessus_plugins as v ON v.id=r.scriptid
WHERE hostip='$hostip' $query_byuser and msg<>'' ORDER BY r.scantime DESC LIMIT 0,1";*/
} else {
if ($treport == "latest" || $ipl != "") {
$query = "select distinct 0, r.service, r.risk, r.falsepositive, r.scriptid, v.name, r.msg\n FROM vuln_nessus_latest_results as r\n LEFT JOIN vuln_nessus_plugins as v ON v.id=r.scriptid\n WHERE report_id in ({$report_id}) and sid in ({$sid}) and hostip='{$hostip}' and msg<>''" . ($scantime != "" && $ipl == "" ? " AND scantime={$scantime}" : "") . (!in_array("admin", $arruser) && ($treport == "latest" || $ipl != "") ? " AND username in ('{$user}') " : "");
/* $query_msg = "select r.msg from vuln_nessus_latest_results as r
LEFT JOIN vuln_nessus_plugins as v ON v.id=r.scriptid
WHERE report_id in ($report_id) and sid in ($sid) and hostip='$hostip' and msg<>''".
(($scantime!="" && $ipl=="")? " AND scantime=$scantime":"").
((!in_array("admin", $arruser) && ($treport=="latest" || $ipl!=""))? " AND username in ('$user') " : " ")."ORDER BY r.scantime DESC LIMIT 0,1";*/
} else {
$query = "select distinct 0, t1.service, t1.risk, t1.falsepositive, t1.scriptid, v.name, t1.msg\n FROM vuln_nessus_results t1\n LEFT JOIN vuln_nessus_plugins as v ON v.id=t1.scriptid\n WHERE report_id in ({$report_id}) and hostip='{$hostip}' and msg<>''" . ($scantime != "" && $ipl == "" ? " AND scantime={$scantime}" : "") . (!in_array("admin", $arruser) && ($treport == "latest" || $ipl != "") ? " AND username in ('{$user}') " : "");
/* $query_msg = "select t1.msg from vuln_nessus_results t1
LEFT JOIN vuln_nessus_plugins as v ON v.id=t1.scriptid
WHERE report_id in ($report_id) and hostip='$hostip' and msg<>''".
(($scantime!="" && $ipl=="")? " AND scantime=$scantime":"").
((!in_array("admin", $arruser) && ($treport=="latest" || $ipl!=""))? " AND username in ('$user') " : " ")."ORDER BY t1.scantime DESC LIMIT 0,1";*/
}
}
//echo $scantime;
//echo "bucle:$query";
// for minimized output, don't include risk=[5|6|7]
if ($output == "min") {
$query .= " and risk NOT IN( '7', '6', '5')";
}
$query .= " order by risk";
$result1 = $dbconn->execute($query);
$arrResults = "";
while (list($result_id, $service, $risk, $falsepositive, $scriptid, $pname, $msg) = $result1->fields) {
//$msg = get_msg($dbconn,$query_msg); // to avoid same messages
$tmpport1 = preg_split("/\\(|\\)/", $service);
if (sizeof($tmpport1) == 1) {
$tmpport1[1] = $tmpport1[0];
}
#echo "$tmpport1[0] $tmpport1[1]<BR>";
$tmpport2 = preg_split("/\\//", $tmpport1[1]);
#echo "$tmpport2[0] $tmpport2[1]<BR>";
$service_num = $tmpport2[0];
$service_proto = $tmpport2[1];
$arrResults[] = array($service_num, $service_proto, $service, $risk, $falsepositive, $result_id, $msg, $scriptid, $pname);
$result1->MoveNext();
}
if (!empty($arrResults)) {
//uasort ($arrResults, 'arrScanResultsCompare');
} else {
// empty, print out message
echo "<td colspan='4'>" . _("No vulnerability results matching this reports \n filtering criteria were found") . ".</td></tr>";
}
foreach ($arrResults as $key => $value) {
list($service_num, $service_proto, $service, $risk, $falsepositive, $resid, $msg, $scriptid, $pname) = $value;
// No need to do this anymore as the HTML entities are converted when
// importing the results
// $msg=htmlspecialchars($msg);
// Print Notes associated with this result (resid)
// modified to remove username filter - will tag the note with the
// username which we now get in the results
if ($enableNotes) {
$query = "select note, username FROM nessus_notes WHERE pid={$scriptid} and resid = {$resid}";
$result_note = $dbconn->execute($query);
//and username='******'");
//The next line breaks for upgrade installs
//$notes=$result_note->GetArray();
if (!empty($result_note)) {
$msg .= '<p><FONT COLOR="#0044FF"><B>' . _("Custom Notes") . ':</B>';
foreach ($result_note as $note_num => $customnote) {
//list($customnote)=$result_note->fields;
$note_num++;
// do this as the index starts at 0
$msg .= "\n{$note_num}. [{$customnote['username']}] - {$customnote['note']}";
//$note_num++;
//$result_note->MoveNext();
}
$msg .= "</FONT></p>";
}
}
// end Print Notes
$msg = preg_replace("/^[ \t]*/", "", $msg);
$msg = preg_replace("/\n/", "<br>", $msg);
// $tr = array("\\n" => "<br>");
// $msg=strtr($msg,$tr);
//$msg=wordwrap(preg_replace("/\n/","<br>",$msg),100,"<br>",1);
$msg = wordwrap($msg, 100, "<br>", 1);
// Add Exceptions
//if ($enableException && $risk <= 6) {
if ($enableException) {
$msg .= "<p><FONT COLOR='#0044FF'><b>" . _("Exceptions") . ":</b><br>";
if ($uroles['eview'] || $uroles['esubmit'] || $uroles['eapprove']) {
$msg .= printException($hostip, $scriptid, $dbconn, FALSE, $hostname, $service_num, $sid);
}
//if ($esubmit) {
// $msg .= addException($hostip,$resid,$scriptid,$schedid,$hostname);
//}
}
// end Exceptions
$tmprisk = getrisk($risk);
$msg = preg_replace("/^\\<br\\>/i", "", str_replace("\\r", "", $msg));
$msg = preg_replace("/(Solution|Overview|Synopsis|Description|See also|Plugin output|References|Vulnerability Insight|Impact|Impact Level|Affected Software\\/OS|Fix|Information about this scan)\\s*:/", "<b>\\1:</b>", $msg);
// output the table cells
$ancla = $hostip . "_" . $levels[$tmprisk];
echo "<tr " . ($falsepositive == 'Y' ? "class=\"trsk risk{$risk} fp\"" : "class=\"trsk risk{$risk}\"") . "style=\"background-color:" . $colors[$tmprisk] . ($falsepositive == 'Y' ? ";display:none;" : "") . "\">";
//echo "<tr>";
echo "<td width=\"50%\" style=\"padding:3px 0px 3px 0px;\"><b>" . ($pname != "" ? $pname : _("No name")) . "</b></td>";
echo "<td style=\"padding:3px 0px 3px 0px;\">{$scriptid}</td>";
?>
<td style="padding:3px;" width="180"><?php
echo $service;
?>
</td>
<td style="text-align:center;">
<?php
echo $tmprisk;
?>
<img align="absmiddle" src="<?php
echo $images[$tmprisk];
?>
" style="border: 1px solid ; width: 25px; height: 10px;">
</td>
</tr>
<?php
echo "<tr " . ($falsepositive == 'Y' ? "class=\"trsk risk{$risk} fp\"" : "class=\"trsk risk{$risk}\"") . "style=\"background-color:" . $colors[$tmprisk] . ($falsepositive == 'Y' ? ";display:none;" : "") . "\">";
?>
<td style="padding:3px 0px 3px 6px;text-align:left;">
<A class="msg" NAME="<?php
echo $resid;
?>
"></a><a name="<?php
echo $ancla;
?>
"></a>
<?php
echo $msg;
?>
<font size="1">
<br><br>
</font>
<?php
// Add info from osvdb
echo " <a title=\"" . _("Info from OSVDB for vuln id ") . "{$scriptid}\" class=\"greybox\" href=\"osvdb_info.php?scriptid={$scriptid}\"><img src=\"images/osvdb.png\" border=\"0\"></a> ";
// Add link to popup with Script Info
echo <<<EOT
<a href="javascript:;" lid="{$scriptid}" style="text-decoration:none;" class="scriptinfo"><img alt="Info" src="images/info.png" border=0></a>
EOT;
// Add Custom Notes icon
// don't filter on username - any user can add a note to any result
//if ($sql_uid==$user) {
if ($enableNotes) {
if ($output == "min") {
echo <<<EOT
<a href="notes.php?op=add&pid={$scriptid}&scantime={$scantime}&scantype={$scantype}&sortby={$sortby}&resid={$resid}&httpfrom=resmin"
onClick="popup('notes.php?op=add&pid={$scriptid}&scantime={$scantime}&scantype={$scantype}&sortby={$sortby}&resid={$resid}&httpfrom=resmin','Notes');
return false;"><img alt="Note" src="images/note.png" title="Add note" border=0></a>
EOT;
} else {
echo <<<EOT
<a href="notes.php?op=add&pid={$scriptid}&scantime={$scantime}&scantype={$scantype}&sortby={$sortby}&resid={$resid}&httpfrom=results"
onClick="popup('notes.php?op=add&pid={$scriptid}&scantime={$scantime}&scantype={$scantype}&sortby={$sortby}&resid={$resid}&httpfrom=results','Notes');
return false;"><img alt="Note" src="images/note.png" title="Add note" border=0></a>
EOT;
}
}
//}
// Add False Positive Indicator/link
if ($enableFP && ($sql_uid == $user || $uroles['admin'])) {
/*if($ipl=="all"){
$query = "select result_id from vuln_nessus_latest_results
WHERE hostip='$hostip' and service='$service' and risk=".$levels[$tmprisk]." and scriptid=$scriptid $query_byuser";
}*/
if ($ipl == "") {
$list_result_ids = array();
$query = "select result_id from " . ($treport == "latest" || $ipl != "" ? "vuln_nessus_latest_results" : "vuln_nessus_results") . " \n WHERE report_id in ({$report_id})" . ($treport == "latest" || $ipl != "" ? " and sid in ({$sid})" : " ") . " and hostip='{$hostip}'\n and service='{$service}' and risk=" . $levels[$tmprisk] . " and scriptid={$scriptid}" . (!in_array("admin", $arruser) && ($treport == "latest" || $ipl != "") ? " AND username in ('{$user}') " : "");
$result = $dbconn->execute($query);
while (!$result->EOF) {
$list_result_ids[] = $result->fields["result_id"];
$result->MoveNext();
}
$resid = base64_encode(implode(",", $list_result_ids));
} else {
$resid = base64_encode("{$report_id};{$hostip};{$service};" . $levels[$tmprisk] . ";{$scriptid}");
}
//print_r ($query);
$tmpu = array();
$url = "";
foreach ($_GET as $kget => $vget) {
if ($kget != "pluginid" && $kget != "nfp" && $kget != "fp") {
$tmpu[] = "{$kget}={$vget}";
}
}
$url = implode("&", $tmpu);
if ($falsepositive == "Y") {
/* echo <<<EOT
<a href="reshtml.php?$url&nfp=$resid&pluginid=$scriptid">
EOT;*/
echo <<<EOT
<a href="reshtml.php?{$url}&nfp={$resid}">
EOT;
echo "<img alt=\"" . _("Clear false positive") . "\" src=\"images/false.png\" title=\"" . _("Clear false positive") . "\" border=0></a>";
} else {
/* echo <<<EOT
<a href="reshtml.php?$url&fp=$resid&pluginid=$scriptid">
EOT;*/
echo <<<EOT
<a href="reshtml.php?{$url}&fp={$resid}">
EOT;
echo "<img alt=\"" . _("Mark as false positive") . "\" src=\"images/true.gif\" title=\"" . _("Mark as false positive") . "\" border=0></a>";
}
}
$pticket = "ref=Vulnerability&ip={$hostip}&port={$service_num}&nessus_id={$scriptid}&risk={$tmprisk}&type=Nessus Vulnerability";
echo " <a title=\"" . _("New ticket") . "\" class=\"greybox\" href=\"new_vuln_ticket.php?{$pticket}\"><img style=\"padding-bottom:2px;\" src=\"../pixmaps/incident.png\" border=\"0\" alt=\"i\" width=\"12\"></a> ";
?>
</td>
<?php
$plugin_info = $dbconn->execute("SELECT t2.name, t3.name, t1.copyright, t1.summary, t1.version \n FROM vuln_nessus_plugins t1\n LEFT JOIN vuln_nessus_family t2 on t1.family=t2.id\n LEFT JOIN vuln_nessus_category t3 on t1.category=t3.id\n WHERE t1.id='{$scriptid}'");
list($pfamily, $pcategory, $pcopyright, $psummary, $pversion) = $plugin_info->fields;
?>
<td colspan="3" valign="top" style="text-align:left;padding:3px;">
<?php
$plugindetails = "";
if ($pfamily != "") {
$plugindetails .= '<b>Family name:</b> ' . $pfamily . '<br><br>';
}
if ($pcategory != "") {
$plugindetails .= '<b>Category:</b> ' . $pcategory . '<br><br>';
}
if ($pcopyright != "") {
$plugindetails .= '<b>Copyright:</b> ' . $pcopyright . '<br><br>';
}
if ($psummary != "") {
$plugindetails .= '<b>Summary:</b> ' . $psummary . '<br><br>';
}
if ($pversion != "") {
$plugindetails .= '<b>Version:</b> ' . $pversion . '<br><br>';
}
echo $plugindetails;
?>
</td>
</tr>
<?php
$result1->MoveNext();
}
echo "</table>";
echo "</div>";
}
$resultp->MoveNext();
}
echo "</center>";
}
