[CmdletBinding()]
param(
[Parameter(Mandatory=$true)]
[String]$searchDir
)
# Vulnerable versions listed in Burp Suite extension Telewreck.py
# Available at https://github.com/capt-meelo/Telewreck/blob/master/telewreck.py
$VULN_VERSIONS = @(
'2007.1423', '2007.1521', '2007.1626', '2007.2918', '2007.21010',
'2007.21107', '2007.31218', '2007.31314', '2007.31425',
'2008.1415', '2008.1515', '2008.1619', '2008.2723', '2008.2826',
'2008.21001', '2008.31105', '2008.31125', '2008.31314',
'2009.1311', '2009.1402', '2009.1527', '2009.2701', '2009.2826',
'2009.31103', '2009.31208', '2009.31314',
'2010.1309', '2010.1415', '2010.1519', '2010.2713', '2010.2826',
'2010.2929', '2010.31109', '2010.31215', '2010.31317',
'2011.1315', '2011.1413', '2011.1519', '2011.2712', '2011.2915',
'2011.31115', '2011.3.1305',
'2012.1.215', '2012.1.411', '2012.2.607', '2012.2.724', '2012.2.912',
'2012.3.1016', '2012.3.1205', '2012.3.1308',
'2013.1.220', '2013.1.403', '2013.1.417', '2013.2.611', '2013.2.717',
'2013.3.1015', '2013.3.1114', '2013.3.1324',
'2014.1.225', '2014.1.403', '2014.2.618', '2014.2.724', '2014.3.1024',
'2015.1.204', '2015.1.225', '2015.1.401', '2015.2.604', '2015.2.623',
'2015.2.729', '2015.2.826', '2015.3.930', '2015.3.1111',
'2016.1.113', '2016.1.225', '2016.2.504', '2016.2.607', '2016.3.914',
'2016.3.1018', '2016.3.1027',
'2017.1.118', '2017.1.228', '2017.2.503', '2017.2.621', '2017.2.711',
'2017.3.913'
)
Get-ChildItem -Path $searchDir -Filter Telerik.Web.UI.dll -Recurse -ErrorAction
SilentlyContinue -Force | foreach-object {
# In ACSC samples of the Telerik.Web.UI.dll the version number is 4 "octets"
(e.g. '2014.2.724.45'), PowerShell reports this as
"Major"."Minor"."Build"."Revision".
# Telewreck crafts requests using version numbers between 2 and 3 octets
long, it is assumed that all revisions are vulnerable.
if ($_.VersionInfo.FileMajorPart -lt 2012) {
$SimplifiedFileVersion = ($_.VersionInfo.FileVersion | Select-String -Pattern "\d{4}\.\d{4,5}").Matches.Value
} else {
$SimplifiedFileVersion = ($_.VersionInfo.FileVersion | Select-String -Pattern "\d{4}\.\d{1}\.\d{3,4}").Matches.Value
}
if ($VULN_VERSIONS -contains $SimplifiedFileVersion) {
Write-Host -ForegroundColor Red "Vulnerable Telerik.Web.UI.dll identified at '$($_.FullName)'. Version number '$($_.VersionInfo.FileVersion)' matches version '$($SimplifiedFileVersion)' in Telewreck."
} else {
if ($_.VersionInfo.FileMajorPart -lt 2018) {
Write-Host -ForegroundColor Yellow "Potentially vulnerable Telerik.Web.UI.dll identified at '$($_.FullName)'. Version number '$($_.VersionInfo.FileVersion)' is not included in the Telewreck vulnerable versions, but falls within timeframe of vulnerable versions."
} else {
Write-Host -ForegroundColor Green "Telerik.Web.UI.dll identified at '$($_.FullName)'. Version number '$($_.VersionInfo.FileVersion)' is not included in the Telewreck vulnerable versions and falls outside of the vulnerability timeframes."
}
}
}