ID CVE-2003-1554 Type cve Reporter cve@mitre.org Modified 2018-10-19T15:29:00
Description
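Cross-site scripting (XSS) vulnerability in scozbook/add.php in ScozNet ScozBook 1.1 BETA allows remote attackers to inject arbitrary web script or HTML via the (1) username, (2) useremail, (3) aim, (4) msn, (5) sitename and (6) siteaddy variables.
Note on the scanner record below: Nessus plugin 11502 does not exercise add.php. It requests view.php with a bogus PG value and looks for a "MySQL result resource" error, so a hit shows that ScozBook is present and returning error output, not that the XSS itself was confirmed. A host that suppresses PHP error output would presumably not be flagged even if add.php is still exposed, so confirm by checking for the package directly.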
{"nessus": [{"lastseen": "2021-01-01T05:31:52", "description": "The remote host is running ScozBook\n\nThis set of CGI has two vulnerabilities :\n\n - It is vulnerable to cross-site scripting attacks \n (in add.php)\n - If the user requests view.php with a crafted PG \n Variable, he will obtain the physical path of the \n remote CGI\n\t\nAn attacker may use these flaws to steal the cookies of your users\nor to gain better knowledge about this host.", "edition": 23, "published": "2003-03-30T00:00:00", "title": "ScozBook scozbook/add.php Multiple Parameter XSS", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-1554", "CVE-2003-1555"], "modified": "2021-01-02T00:00:00", "cpe": [], "id": "SCOZBOOK.NASL", "href": "https://www.tenable.com/plugins/nessus/11502", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# Ref:\n# From: \"euronymous\" <just-a-user@yandex.ru>\n# To: vuln@security.nnov.ru, bugtraq@securityfocus.com\n# Subject: ScozBook BETA 1.1 vulnerabilities\n\n\ninclude(\"compat.inc\");\n\nif(description)\n{\n script_id(11502);\n script_version (\"1.22\");\n script_cve_id(\"CVE-2003-1554\", \"CVE-2003-1555\");\n script_bugtraq_id(7235, 7236);\n\n script_name(english: \"ScozBook scozbook/add.php Multiple Parameter XSS\");\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web application is vulnerable to cross-site-scripting and \npath disclosure.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running ScozBook\n\nThis set of CGI has two vulnerabilities :\n\n - It is vulnerable to cross-site scripting attacks \n (in add.php)\n - If the user requests view.php with a crafted PG \n Variable, he will obtain the physical path of the \n remote CGI\n\t\nAn attacker may use these flaws to steal the cookies of your users\nor to gain better knowledge about this host.\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Delete this package.\" );\n 
script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(79, 200);\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2003/03/30\");\n script_cvs_date(\"Date: 2018/07/27 18:38:14\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_end_attributes();\n\n script_summary(english: \"Checks for the presence of view.php\");\n script_category(ACT_GATHER_INFO);\n \n script_copyright(english:\"This script is Copyright (C) 2003-2018 Tenable Network Security, Inc.\");\n script_family(english: \"CGI abuses\");\n script_dependencie(\"http_version.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_require_keys(\"www/PHP\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\nport = get_http_port(default:80);\nif(!can_host_php(port:port))exit(0);\n\ngdir = make_list(cgi_dirs());\n\ndirs = make_list(\"\", \"/guestbook\");\nforeach d (gdir)\n{\n dirs = make_list(dirs, string(d, \"/guestbook\"), d);\n}\n\n\nforeach dir (dirs)\n{\n r = http_send_recv3(method: \"GET\", item:string(dir, \"/view.php?PG=foobar\"), port:port);\n if (isnull(r)) exit(0);\n\n if(egrep(pattern:\".*MySQL result resource.*\", string: r[2]))\n \t{\n\tsecurity_warning(port);\n\tset_kb_item(name: 'www/'+port+'/XSS', value: TRUE);\n\texit(0);\n\t}\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}]}