7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.008 Low
EPSS
Percentile
81.6%
The remote host appears to be running the AntiBoard bulletin board system. There are multiple SQL injection vulnerabilities in the remote software that may allow an attacker to execute arbitrary SQL commands on the remote host, and possibly bypass the authentication mechanisms of AntiBoard.
Note, AntiBoard is also affected by a cross-site scripting vulnerability, however Nessus has not tested this.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if(description)
{
script_id(14187);
script_version("1.21");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
script_cve_id("CVE-2004-2062", "CVE-2004-2063");
script_bugtraq_id(10821);
script_xref(name:"Secunia", value:"12137");
script_name(english:"AntiBoard antiboard.php Multiple Parameter SQL Injection");
script_summary(english:"AntiBoard SQL Injection");
script_set_attribute(attribute:"synopsis", value:
"The remote host is running a PHP application that is affected by
multiple SQL injection vulnerabilities." );
script_set_attribute(attribute:"description", value:
"The remote host appears to be running the AntiBoard bulletin board
system. There are multiple SQL injection vulnerabilities in the
remote software that may allow an attacker to execute arbitrary SQL
commands on the remote host, and possibly bypass the authentication
mechanisms of AntiBoard.
Note, AntiBoard is also affected by a cross-site scripting
vulnerability, however Nessus has not tested this." );
script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2004/Jul/328" );
script_set_attribute(attribute:"solution", value:
"There is no known solution at this time." );
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:U/RC:ND");
script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"plugin_publication_date", value: "2004/08/02");
script_set_attribute(attribute:"vuln_publication_date", value: "2004/07/27");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.");
script_family(english:"CGI abuses");
script_dependencie("find_service1.nasl", "http_version.nasl");
script_require_ports("Services/www", 80);
script_exclude_keys("Settings/disable_cgi_scanning");
script_require_keys("www/PHP");
exit(0);
}
# Check starts here
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
port = get_http_port(default:80);
if ( ! can_host_php(port:port) ) exit(0);
foreach dir (cgi_dirs())
{
r = http_send_recv3(method:"GET",item:"/antiboard.php?thread_id='", port:port);
if (isnull(r)) exit(0);
res = strcat(r[0], r[1], '\r\n', r[2]);
if ("SELECT * FROM antiboard_threads WHERE thread_id =" >< res )
{
security_warning(port);
set_kb_item(name: 'www/'+port+'/SQLInjection', value: TRUE);
exit(0);
}
}