ID CVE-2005-2674 Type cve Reporter cve@mitre.org Modified 2016-10-18T03:29:00
Description
DISPUTED Note: the vendor has disputed this issue. Multiple cross-site scripting (XSS) vulnerabilities in Land Down Under (LDU) 800 allow remote attackers to inject arbitrary web script or HTML via the (1) c or (2) m parameters to index.php or (3) w parameter to journal.php. NOTE: this issue has been disputed by the vendor, who says "None of the tricks written there are working, the variables are properly sanitized and no LDU version is affected."
{"id": "CVE-2005-2674", "bulletinFamily": "NVD", "title": "CVE-2005-2674", "description": "** DISPUTED ** Note: the vendor has disputed this issue. Multiple cross-site scripting (XSS) vulnerabilities in Land Down Under (LDU) 800 allow remote attackers to inject arbitrary web script or HTML via the (1) c or (2) m parameters to index.php or (3) w parameter to journal.php. NOTE: this issue has been disputed by the vendor, who says \"None of the tricks written there are working, the variables are properly sanitized and no LDU version is affected.\"", "published": "2005-08-23T04:00:00", "modified": "2016-10-18T03:29:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2674", "reporter": "cve@mitre.org", "references": ["http://securitytracker.com/id?1014747", "http://www.securityfocus.com/bid/14619", "http://www.neocrome.net", "http://marc.info/?l=bugtraq&m=112456235729717&w=2"], "cvelist": ["CVE-2005-2674"], "type": "cve", "lastseen": "2019-05-29T18:08:14", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "73469ed349116f2c66503fb541e5247f"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "f7465a28906dbaaddd1159390e4a9f7e"}, {"key": "cpe23", "hash": "6f2ea577601fe813b5f3589fef2bc037"}, {"key": "cvelist", "hash": "d19c18853ed055dd67ca3e142797da43"}, {"key": "cvss", "hash": "f74a1c24e49a5ecb0eefb5e51d4caa14"}, {"key": "cvss2", "hash": "1376299678e4b22a45cbb6e661929c18"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cwe", "hash": "78a7a5cbaf09985c14389298e454e7db"}, {"key": "description", "hash": "950087c1c1afd4bb7af8e69db1168fdd"}, {"key": "href", "hash": "354e2180ce81e21e0fbda46b781965f3"}, {"key": "modified", "hash": "928fc4d439467f9c886bd2cdc15eb39c"}, {"key": "published", "hash": "dd6a67e1f58e65bed3efe077289a7963"}, {"key": "references", "hash": "71870347c6e2f2d9eba728299cf8aced"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "6b9ea5a7aa8e775107953bdb7689a9c6"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "eb1b3a6fbecf25c73a83a3e33197808078a4c3cf372c64d9139bc2ac61539234", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "osvdb", "idList": ["OSVDB:19297", "OSVDB:19295"]}, {"type": "exploitdb", "idList": ["EDB-ID:26182"]}, {"type": "openvas", "idList": ["OPENVAS:136141256231019678", "OPENVAS:19678"]}, {"type": "nessus", "idList": ["LDU_SQL_INJECTION.NASL", "LDU_801.NASL"]}], "modified": "2019-05-29T18:08:14"}, "score": {"value": 4.3, "vector": "NONE", "modified": "2019-05-29T18:08:14"}, "vulnersScore": 4.3}, "objectVersion": "1.3", "cpe": ["cpe:/a:neocrome:land_down_under:800"], "affectedSoftware": [{"name": "neocrome land_down_under", "operator": "eq", "version": "800"}], "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "cpe23": ["cpe:2.3:a:neocrome:land_down_under:800:*:*:*:*:*:*:*"], "cwe": ["NVD-CWE-Other"]}
{"osvdb": [{"lastseen": "2017-04-28T13:20:15", "bulletinFamily": "software", "description": "## Vulnerability Description\nLand Down Under (LDU) contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'c', 'm' and 'w' variables upon submission to the 'index.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## Technical Description\nThe vendor has disputed this issue saying \"None of the tricks written there are working, the variables are properly sanitized and no LDU version is affected.\" Subsequent posts to security mail lists and lack of followup or technical details suggest Land Down Under may be prone to XSS or SQL Injection attacks.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nLand Down Under (LDU) contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'c', 'm' and 'w' variables upon submission to the 'index.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## Manual Testing Notes\n/ldu/index.php?c='><script>alert('test');</script> \n/ldu/index.php?m='><script>alert('test');</script>\n## References:\nVendor URL: http://www.neocrome.net/\nSecurity Tracker: 1014747\n[Related OSVDB ID: 19295](https://vulners.com/osvdb/OSVDB:19295)\n[Related OSVDB ID: 19296](https://vulners.com/osvdb/OSVDB:19296)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-08/0277.html\n[CVE-2005-2674](https://vulners.com/cve/CVE-2005-2674)\nBugtraq ID: 14619\n", "modified": "2005-08-20T22:09:23", "published": "2005-08-20T22:09:23", "href": "https://vulners.com/osvdb/OSVDB:19297", "id": "OSVDB:19297", "title": "Land Down Under (LDU) index.php Multiple Variable XSS", "type": "osvdb", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-04-28T13:20:15", "bulletinFamily": "software", "description": "## Vulnerability Description\nLand Down Under (LDU) contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'w' variable upon submission to the 'journal.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## Technical Description\nThe vendor has disputed this issue saying \"None of the tricks written there are working, the variables are properly sanitized and no LDU version is affected.\" Subsequent posts to security mail lists and lack of followup or technical details suggest Land Down Under may be prone to XSS or SQL Injection attacks.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nLand Down Under (LDU) contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'w' variable upon submission to the 'journal.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## Manual Testing Notes\n/ldu/journal.php?m=home&s=username&w='><script>alert('test');</script>\n## References:\nVendor URL: http://www.neocrome.net/\nSecurity Tracker: 1014747\n[Related OSVDB ID: 19296](https://vulners.com/osvdb/OSVDB:19296)\n[Related OSVDB ID: 19297](https://vulners.com/osvdb/OSVDB:19297)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-08/0277.html\n[CVE-2005-2674](https://vulners.com/cve/CVE-2005-2674)\nBugtraq ID: 14619\n", "modified": "2005-08-20T22:09:23", "published": "2005-08-20T22:09:23", "href": "https://vulners.com/osvdb/OSVDB:19295", "id": "OSVDB:19295", "title": "Land Down Under (LDU) journal.php w Variable XSS", "type": "osvdb", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "exploitdb": [{"lastseen": "2016-02-03T03:01:48", "bulletinFamily": "exploit", "description": "Land Down Under 800 index.php Multiple Parameter XSS. CVE-2005-2674. Webapps exploit for php platform", "modified": "2005-08-20T00:00:00", "published": "2005-08-20T00:00:00", "id": "EDB-ID:26182", "href": "https://www.exploit-db.com/exploits/26182/", "type": "exploitdb", "title": "Land Down Under 800 index.php Multiple Parameter XSS", "sourceData": "source: http://www.securityfocus.com/bid/14619/info\r\n \r\nLand Down Under is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.\r\n \r\nAn attacker may leverage any of these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks. \r\n\r\nhttp://www.example.com/ldu/index.php?c='><script>alert('test');</script>\r\nhttp://www.example.com/ldu/index.php?m='><script>alert('test');</script>", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/26182/"}], "openvas": [{"lastseen": "2019-05-29T18:32:01", "bulletinFamily": "scanner", "description": "The remote version of Land Down Under is prone to various SQL injection and\n cross-site scripting attacks provided PHP", "modified": "2018-10-02T00:00:00", "published": "2006-03-26T00:00:00", "id": "OPENVAS:136141256231019678", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231019678", "title": "Land Down Under <= 800 Multiple Vulnerabilities", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ldu_sql_injection.nasl 11727 2018-10-02 13:45:55Z cfischer $\n#\n# Land Down Under <= 800 Multiple Vulnerabilities\n#\n# Authors:\n# Josh Zlatin-Amishav <josh at ramat doti cc>\n# Changes by Tenable Network Security :\n# - improved description\n# - do a more reliable test (if magic_quotes is on the host is not vulnerable)\n# - added references\n#\n# Copyright:\n# Copyright (C) 2005 Josh Zlatin-Amishav\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:neocrome:land_down_under\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.19678\");\n script_version(\"$Revision: 11727 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-02 15:45:55 +0200 (Tue, 02 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2006-03-26 17:55:15 +0200 (Sun, 26 Mar 2006)\");\n script_cve_id(\"CVE-2005-2674\", \"CVE-2005-2675\", \"CVE-2005-2780\");\n script_bugtraq_id(14618, 14619, 14677);\n script_xref(name:\"OSVDB\", value:\"19298\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"Land Down Under <= 800 Multiple Vulnerabilities\");\n\n script_category(ACT_ATTACK);\n script_tag(name:\"qod_type\", value:\"remote_active\");\n\n script_family(\"Web application abuses\");\n script_copyright(\"Copyright (C) 2005 Josh Zlatin-Amishav\");\n script_dependencies(\"ldu_detection.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_mandatory_keys(\"ldu/detected\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Land Down Under version 801 or later.\");\n\n script_tag(name:\"summary\", value:\"The remote version of Land Down Under is prone to various SQL injection and\n cross-site scripting attacks provided PHP's 'magic_quotes' setting is disabled due to its failure to sanitize the\n request URI before using it in 'system/functions.php' in the function 'ldu_log()'. A malicious user may be able\n to exploit this issue to manipulate SQL queries, steal authentication cookies, and the like.\n\n In addition, it also fails to properly sanitize the user-supplied signature in forum posts. A malicious user can\n exploit this vulnerability to steal authentication cookies and manipulate the HTML format in 'forums.php'.\");\n\n script_xref(name:\"URL\", value:\"http://www.securityfocus.org/archive/1/408664\");\n script_xref(name:\"URL\", value:\"http://www.neocrome.net/forums.php?m=posts&p=83412#83412\");\n script_xref(name:\"URL\", value:\"http://archives.neohapsis.com/archives/bugtraq/2005-08/0395.html\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\n\nif (!port = get_app_port(cpe: CPE))\n exit(0);\n\nif (!dir = get_app_location(cpe: CPE, port: port))\n exit(0);\n\nif (dir == \"/\")\n dir = \"\";\n\nreq = http_get(item: dir + \"/index.php?m='\", port: port);\nres = http_keepalive_send_recv(port:port, data:req, bodyonly:TRUE);\n\nif (egrep(string:res, pattern:string(\"MySQL error.+syntax to use near '\"))) {\n security_message(port);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-12-08T11:44:05", "bulletinFamily": "scanner", "description": "The remote web server contains a PHP script that permits SQL injection\nand cross-site scripting attacks. \n\nDescription :\n\nThe remote version of Land Down Under is prone to various SQL\ninjection and cross-site scripting attacks provided PHP's\n'magic_quotes' setting is disabled due to its failure to sanitize the\nrequest URI before using it in 'system/functions.php' in the function\n'ldu_log()'. A malicious user may be able to exploit this issue to\nmanipulate SQL queries, steal authentication cookies, and the like. \n\nIn addition, it also fails to properly sanitize the user-supplied\nsignature in forum posts.. A malicious user can exploit this\nvulnerability to steal authentication cookies and manipulate the HTML\nformat in 'forums.php'.", "modified": "2017-12-07T00:00:00", "published": "2006-03-26T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=19678", "id": "OPENVAS:19678", "title": "Land Down Under <= 800 Multiple Vulnerabilities", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: ldu_sql_injection.nasl 8023 2017-12-07 08:36:26Z teissa $\n# Description: Land Down Under <= 800 Multiple Vulnerabilities\n#\n# Authors:\n# Josh Zlatin-Amishav <josh at ramat doti cc>\n# Changes by Tenable Network Security :\n# - improved description\n# - do a more reliable test (if magic_quotes is on the host is not vulnerable)\n# - added references\n#\n# Copyright:\n# Copyright (C) 2005 Josh Zlatin-Amishav\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ntag_summary = \"The remote web server contains a PHP script that permits SQL injection\nand cross-site scripting attacks. \n\nDescription :\n\nThe remote version of Land Down Under is prone to various SQL\ninjection and cross-site scripting attacks provided PHP's\n'magic_quotes' setting is disabled due to its failure to sanitize the\nrequest URI before using it in 'system/functions.php' in the function\n'ldu_log()'. A malicious user may be able to exploit this issue to\nmanipulate SQL queries, steal authentication cookies, and the like. \n\nIn addition, it also fails to properly sanitize the user-supplied\nsignature in forum posts.. A malicious user can exploit this\nvulnerability to steal authentication cookies and manipulate the HTML\nformat in 'forums.php'.\";\n\ntag_solution = \"Upgrade to Land Down Under version 801 or later.\";\n\nif(description)\n{\n script_id(19678);\n script_version(\"$Revision: 8023 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-07 09:36:26 +0100 (Thu, 07 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2006-03-26 17:55:15 +0200 (Sun, 26 Mar 2006)\");\n script_cve_id(\"CVE-2005-2674\", \"CVE-2005-2675\", \"CVE-2005-2780\");\n script_bugtraq_id(14618, 14619, 14677);\n script_xref(name:\"OSVDB\", value:\"19298\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n name = \"Land Down Under <= 800 Multiple Vulnerabilities\";\n script_name(name);\n\n\n\n script_category(ACT_ATTACK);\n script_tag(name:\"qod_type\", value:\"remote_active\");\n\n script_family(\"Web application abuses\");\n script_copyright(\"Copyright (C) 2005 Josh Zlatin-Amishav\");\n script_dependencies(\"ldu_detection.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_mandatory_keys(\"ldu/installed\");\n\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_xref(name : \"URL\" , value : \"http://www.securityfocus.org/archive/1/408664\");\n script_xref(name : \"URL\" , value : \"http://www.neocrome.net/forums.php?m=posts&p=83412#83412\");\n script_xref(name : \"URL\" , value : \"http://archives.neohapsis.com/archives/bugtraq/2005-08/0395.html\");\n exit(0);\n}\n\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\n\nport = get_http_port(default:80);\nif(!can_host_php(port:port)) exit(0);\n\n# Test an install.\ninstall = get_kb_item(string(\"www/\", port, \"/ldu\"));\nif (isnull(install)) exit(0);\nmatches = eregmatch(string:install, pattern:\"^(.+) under (/.*)$\");\nif (!isnull(matches)) {\n ver = matches[1];\n dir = matches[2];\n\n req = http_get(\n item:string(\n dir, \"/index.php?\",\n \"m='\", SCRIPT_NAME\n ), \n port:port\n );\n res = http_keepalive_send_recv(port:port, data:req, bodyonly:TRUE);\n\n if \n ( \n egrep(string:res, pattern:string(\"MySQL error.+syntax to use near '\", SCRIPT_NAME))\n )\n {\n security_message(port);\n exit(0);\n }\n\n # Check the version number in case magic_quotes is enabled.\n if (ver =~ \"^([0-7]|800)\") {\n report =\n string(\"***** OpenVAS has determined the vulnerability exists on the remote\\n\",\n \"***** host simply by looking at the version number of Land Down\\n\",\n \"***** Under installed there.\\n\");\n security_message(port:port, data:report);\n exit(0);\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2019-02-21T01:08:46", "bulletinFamily": "scanner", "description": "The remote version of Land Down Under is prone to various SQL injection and cross-site scripting attacks provided PHP's 'magic_quotes' setting is disabled due to its failure to sanitize the request URI before using it in 'system/functions.php' in the function 'ldu_log()'. A malicious user may be able to exploit this issue to manipulate SQL queries, steal authentication cookies, and the like. \n\nIn addition, it also fails to properly sanitize the user-supplied signature in forum posts. A malicious user can exploit this vulnerability to steal authentication cookies and manipulate the HTML format in 'forums.php'.", "modified": "2018-11-15T00:00:00", "id": "LDU_SQL_INJECTION.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=19678", "published": "2005-09-06T00:00:00", "title": "Land Down Under <= 800 Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# This script was written by Josh Zlatin-Amishav <josh at ramat doti cc>\n#\n# This script is released under the GNU GPLv2\n#\n# Changes by Tenable:\n# - improved description\n# - do a more reliable test (if magic_quotes is on the host is not vulnerable)\n# - added references\n# - Fixed typo and added CPE\n\ninclude(\"compat.inc\");\n\nif(description)\n{\n script_id(19678);\n script_version (\"1.26\");\n script_cve_id(\"CVE-2005-2674\", \"CVE-2005-2675\", \"CVE-2005-2780\");\n script_bugtraq_id(14618, 14619, 14677);\n\n script_name(english:\"Land Down Under <= 800 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server contains a PHP script that permits SQL injection\nand cross-site scripting attacks.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote version of Land Down Under is prone to various SQL\ninjection and cross-site scripting attacks provided PHP's\n'magic_quotes' setting is disabled due to its failure to sanitize the\nrequest URI before using it in 'system/functions.php' in the function\n'ldu_log()'. A malicious user may be able to exploit this issue to\nmanipulate SQL queries, steal authentication cookies, and the like. \n\nIn addition, it also fails to properly sanitize the user-supplied\nsignature in forum posts. A malicious user can exploit this\nvulnerability to steal authentication cookies and manipulate the HTML\nformat in 'forums.php'.\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/bugtraq/2005/Aug/275\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/bugtraq/2005/Aug/393\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Land Down Under version 801 or later.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:U/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2005/09/06\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2005/08/21\");\n\n script_cvs_date(\"Date: 2018/11/15 20:50:17\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\",value:\"cpe:/a:neocrome:land_down_under\");\n script_end_attributes();\n\n summary[\"english\"] = \"Checks for SQL injection in LDU's index.php\";\n\n script_summary(english:summary[\"english\"]);\n\n script_category(ACT_ATTACK);\n\n script_family(english:\"CGI abuses\");\n script_copyright(english:\"Copyright (C) 2005-2018 Josh Zlatin-Amishav\");\n\n script_dependencie(\"ldu_detection.nasl\");\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_require_ports(\"Services/www\", 80);\n script_require_keys(\"www/ldu\");\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\ninclude(\"url_func.inc\");\n\nport = get_http_port(default:80);\nif(!get_port_state(port))exit(0);\nif(!can_host_php(port:port)) exit(0);\n\n# Test an install.\ninstall = get_kb_item(string(\"www/\", port, \"/ldu\"));\nif (isnull(install)) exit(0);\nmatches = eregmatch(string:install, pattern:\"^(.+) under (/.*)$\");\nif (!isnull(matches)) {\n ver = matches[1];\n dir = matches[2];\n\n req = http_get(\n item:string(\n dir, \"/index.php?\",\n \"m='\", SCRIPT_NAME\n ), \n port:port\n );\n res = http_keepalive_send_recv(port:port, data:req, bodyonly:TRUE);\n\n if \n ( \n egrep(string:res, pattern:string(\"MySQL error.+syntax to use near '\", SCRIPT_NAME))\n )\n {\n security_warning(port);\n\tset_kb_item(name: 'www/'+port+'/XSS', value: TRUE);\n\tset_kb_item(name: 'www/'+port+'/SQLInjection', value: TRUE);\n exit(0);\n }\n\n # Check the version number in case magic_quotes is enabled.\n if (ver =~ \"^([0-7]|800)\") {\n desc = string(\n \"***** Nessus has determined the vulnerability exists on the remote\\n\",\n \"***** host simply by looking at the version number of Land Down\\n\",\n \"***** Under installed there.\\n\");\n security_warning(port:port, extra:desc);\n set_kb_item(name: 'www/'+port+'/XSS', value: TRUE);\n set_kb_item(name: 'www/'+port+'/SQLInjection', value: TRUE);\n exit(0);\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:08:45", "bulletinFamily": "scanner", "description": "The remote version of Land Down Under is prone to several SQL injection and cross-site scripting attacks due to its failure to sanitize user-supplied input to several parameters used by the 'auth.php', 'events.php', 'index.php', 'list.php', and 'plug.php' scripts. A malicious user can exploit exploit these flaws to manipulate SQL queries, steal authentication cookies, and the like.", "modified": "2018-11-15T00:00:00", "id": "LDU_801.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=19603", "published": "2005-09-09T00:00:00", "title": "Land Down Under <= 801 Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# This script was written by Josh Zlatin-Amishav <josh at ramat doti cc>\n#\n# This script is released under the GNU GPLv2\n\n\n\ninclude(\"compat.inc\");\n\nif(description)\n{\n script_id(19603);\n script_version (\"1.25\");\n\n script_cve_id(\n \"CVE-2005-2674\", \n \"CVE-2005-2675\", \n \"CVE-2005-2788\", \n \"CVE-2005-2884\", \n \"CVE-2005-4821\"\n );\n script_bugtraq_id(14618, 14619, 14685, 14746, 14820);\n\n name[\"english\"] = \"Land Down Under <= 801 Multiple Vulnerabilities\";\n script_name(english:name[\"english\"]);\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server contains several PHP scripts that permit SQL\ninjection and cross-site scripting attacks.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote version of Land Down Under is prone to several SQL\ninjection and cross-site scripting attacks due to its failure to\nsanitize user-supplied input to several parameters used by the\n'auth.php', 'events.php', 'index.php', 'list.php', and 'plug.php'\nscripts. A malicious user can exploit exploit these flaws to\nmanipulate SQL queries, steal authentication cookies, and the like.\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://packetstormsecurity.com/0509-advisories/LDU801.txt\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.securityfocus.com/archive/1/409511\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/fulldisclosure/2005/Aug/985\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.g-0.org/code/ldu-adv.html\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Unknown at this time.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:U/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2005/09/09\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2005/08/21\");\n script_cvs_date(\"Date: 2018/11/15 20:50:17\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"remote\");\nscript_set_attribute(attribute:\"cpe\", value:\"cpe:/a:neocrome:land_down_under\");\nscript_end_attributes();\n\n\n summary[\"english\"] = \"Checks for SQL injection in LDU's list.php\";\n script_summary(english:summary[\"english\"]);\n\n script_category(ACT_ATTACK);\n\n script_family(english:\"CGI abuses\");\n script_copyright(english:\"Copyright (C) 2005-2018 Josh Zlatin-Amishav\");\n script_dependencie(\"ldu_detection.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_require_keys(\"www/ldu\");\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\ninclude(\"url_func.inc\");\n\nport = get_http_port(default:80);\nif(!get_port_state(port))exit(0);\nif(!can_host_php(port:port)) exit(0);\n\n# Test an install.\ninstall = get_kb_item(string(\"www/\", port, \"/ldu\"));\nif (isnull(install)) exit(0);\nmatches = eregmatch(string:install, pattern:\"^(.+) under (/.*)$\");\nif (!isnull(matches)) {\n dir = matches[2];\n\n req = http_get(\n item:string(\n dir, \"/list.php?\",\n \"c='&s=title&w=asc&o=\", \n SCRIPT_NAME, \n \"&p=1\"\n ), \n port:port\n );\n res = http_keepalive_send_recv(port:port, data:req, bodyonly:TRUE);\n\n if \n ( \n \"MySQL error\" >< res && \n egrep(string:res, pattern:string(\"syntax to use near '(asc&o=|0.+page_\", SCRIPT_NAME, \")\"))\n )\n {\n security_hole(port);\n\tset_kb_item(name: 'www/'+port+'/XSS', value: TRUE);\n\tset_kb_item(name: 'www/'+port+'/SQLInjection', value: TRUE);\n exit(0);\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}
