Пример #1
0
function saveplugins($sid, $fam, $cve, $saveplugins, $AllPlugins, $NonDOS, $DisableAll)
{
    global $username, $dbconn, $nessus_path;
    //echo "Updating Plugins Status<br>";
    if ($saveplugins == "Update") {
        reset($_POST);
        // if form method="post"
        // edited to work on a per family basis so we can break
        // down the page to lighten up the HTML
        if ($fam != "") {
            $result = $dbconn->Execute("Update vuln_nessus_settings_plugins \n                   set enabled='N' \n                   where sid={$sid} and family={$fam}");
            while (list($key, $value) = each($_POST)) {
                $key = Util::htmlentities(mysql_real_escape_string(trim($key)), ENT_QUOTES);
                if (substr($key, 0, 3) == "PID") {
                    $key = substr($key, 3);
                    if (is_numeric($key)) {
                        $results = $dbconn->Execute("Update vuln_nessus_settings_plugins \n                        set enabled='Y' \n                        where ID={$key} \n                        and sid={$sid}");
                    }
                }
            }
        } else {
            echo "<br><br>";
            $result = $dbconn->Execute("SELECT id FROM vuln_nessus_plugins WHERE cve_id LIKE '%{$cve}%'");
            while (!$result->EOF) {
                $dbconn->Execute("Update vuln_nessus_settings_plugins \n                        set enabled='N' \n                        where id=" . $result->fields['id'] . " and sid={$sid}");
                $result->MoveNext();
            }
            while (list($key, $value) = each($_POST)) {
                $key = Util::htmlentities(mysql_real_escape_string(trim($key)), ENT_QUOTES);
                if (substr($key, 0, 3) == "PID") {
                    $key = substr($key, 3);
                    if (is_numeric($key)) {
                        $results = $dbconn->Execute("Update vuln_nessus_settings_plugins \n                        set enabled='Y' \n                        where ID={$key} \n                        and sid={$sid}");
                    }
                }
            }
        }
    }
    if ($AllPlugins == "Enable All") {
        $result = $dbconn->Execute("Update vuln_nessus_settings_plugins \n              set enabled='Y' \n              where sid={$sid}");
    }
    if ($NonDOS == "Enable Non DOS") {
        $result = $dbconn->Execute("Update vuln_nessus_settings_plugins \n              set enabled='Y' where sid={$sid}");
        //echo "query=$query<br>";
        $query = "SELECT id FROM vuln_nessus_category WHERE name='denial'";
        $result = $dbconn->execute($query);
        list($cid) = $result->fields;
        $query = "UPDATE vuln_nessus_settings_plugins SET enabled='N' WHERE sid={$sid} AND category={$cid}";
        //echo "query=$query<br>";
        $result = $dbconn->execute($query);
        $query = "SELECT id FROM vuln_nessus_category WHERE name='flood'";
        $result = $dbconn->execute($query);
        list($cid) = $result->fields;
        $query = "UPDATE vuln_nessus_settings_plugins SET enabled='N' WHERE sid={$sid} AND category={$cid}";
        //echo "query=$query<br>";
        $result = $dbconn->execute($query);
        $query = "SELECT id FROM vuln_nessus_category WHERE name='destructive_attack'";
        //echo "query=$query<br>";
        $result = $dbconn->execute($query);
        list($cid) = $result->fields;
        $query = "UPDATE vuln_nessus_settings_plugins SET enabled='N' WHERE sid={$sid} AND category={$cid}";
        //echo "query=$query<br>";
        $result = $dbconn->execute($query);
        $query = "SELECT id FROM vuln_nessus_category WHERE name='kill_host'";
        $result = $dbconn->execute($query);
        list($cid) = $result->fields;
        $query = "UPDATE vuln_nessus_settings_plugins SET enabled='N' WHERE sid={$sid} AND category={$cid}";
        //echo "query=$query<br>";
        $result = $dbconn->execute($query);
    }
    if ($DisableAll == "Disable All") {
        $query = "update vuln_nessus_settings_plugins \n              set enabled='N' \n              where sid={$sid}";
        $result = $dbconn->execute($query);
    }
    //echo "ALL=$AllPlugins, NON=$NonDOS, DISABLE=$DisableAll";
    //echo "<br>";
    if (preg_match("/omp\\s*\$/i", $nessus_path)) {
        $omp = new OMP();
        $omp->set_plugins_by_family($sid);
    }
    logAccess("Updated Plugins for Profile {$sid}");
    edit_plugins($sid, $fam);
}
Пример #2
0
    } else {
        // call to avoid XSS attacks
        $value = Util::htmlentities($value);
        # Assume it is a text box
        $sufix = preg_match("/\\[file\\]/", $nessus_id) ? "&nbsp;[" . _("full file path") . "]" : "";
        $retstr = "<tr><td style='text-align:left;width:65%'>{$field} {$sufix}</td><td><INPUT type=\"text\" name=\"{$vname}\" value=\"{$value}\"></td></tr>";
    }
    $retstr .= "\n";
    return $retstr;
}
switch ($disp) {
    case "edit":
        edit_autoenable($sid);
        break;
    case "editplugins":
        edit_plugins($dbconn, $sid);
        break;
    case "editprefs":
        edit_serverprefs($dbconn, $sid);
        break;
    case "new":
        new_profile();
        break;
    case "viewconfig":
        view_config($sid);
        break;
    default:
        select_profile();
        break;
}
echo "   </td></tr>";