Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2002-2022 Tenable Network Security, Inc.ASP_NET_CSS.NASL
HistoryFeb 05, 2002 - 12:00 a.m.

Microsoft IIS ASP Redirection Function XSS

2002-02-0500:00:00
This script is Copyright (C) 2002-2022 Tenable Network Security, Inc.
www.tenable.com
32
JSON

The remote host contains an ASP.NET installation that is affected by a cross-site scripting vulnerability. An attacker can exploit this issue to execute arbitrary HTML or script code in a user’s browser within the security context of the affected site.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

# Script audit and contributions from Carmichael Security
#      Erik Anderson <[email protected]>
#      Added links to the Bugtraq message archive and Microsoft Knowledgebase
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(10844);
  script_version("1.37");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/11");

  script_cve_id("CVE-2003-0223");
  script_bugtraq_id(7731);

  script_name(english:"Microsoft IIS ASP Redirection Function XSS");

  script_set_attribute(attribute:"synopsis", value:
"The remote host is affected by a cross-site scripting vulnerability.");
  script_set_attribute(attribute:"description", value:
"The remote host contains an ASP.NET installation that is affected by a
cross-site scripting vulnerability. An attacker can exploit this issue
to execute arbitrary HTML or script code in a user's browser within
the security context of the affected site.");
  script_set_attribute(attribute:"see_also", value:"https://msdn.microsoft.com/en-us/library/ms972823.aspx");
  script_set_attribute(attribute:"see_also", value:"https://support.microsoft.com/en-us/help/811114/ms03-018-may-2003-cumulative-patch-for-internet-information-services-i");
  script_set_attribute(attribute:"solution", value:
"Microsoft released a patch for this issue. Refer to the supplied link.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");

  script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"exploited_by_nessus", value:"true");
  script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);

  script_set_attribute(attribute:"vuln_publication_date", value:"2003/05/28");
  script_set_attribute(attribute:"patch_publication_date", value:"2002/05/28");
  script_set_attribute(attribute:"plugin_publication_date", value:"2002/02/05");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:internet_information_server");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_ATTACK);
  script_family(english:"CGI abuses : XSS");

  script_copyright(english:"This script is Copyright (C) 2002-2022 Tenable Network Security, Inc.");

  script_dependencies("http_version.nasl", "cross_site_scripting.nasl");
  script_require_keys("www/ASP", "www/iis");
  script_require_ports("Services/www", 80);

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");

port = get_http_port(default:80, asp:TRUE);

if(get_kb_item("www/"+ port + "/generic_xss")) exit(0);

# Ensure we only flag an IIS server.
banner = get_http_banner(port:port, exit_on_fail:TRUE);
if ("IIS/" >!< banner) audit(AUDIT_WRONG_WEB_SERVER, port, "Microsoft IIS");

xss_tag = SCRIPT_NAME - ".nasl" + "-" + unixtime();
str = "/~/<script>alert('"+xss_tag+"')</script>.aspx?aspxerrorpath=null";
r = http_send_recv3(port: port, method: 'GET', item: str, exit_on_fail:TRUE);

lookfor = "<script>alert('"+xss_tag+"')</script>";
if (lookfor >< r[2] && r[0] =~ "301|302")
{
  output = extract_pattern_from_resp(pattern:"ST:"+lookfor, string: r[2]);
  if (empty_or_null(output)) output = r[2];
  security_report_v4(
    port       : port,
    severity   : SECURITY_WARNING,
    generic    : TRUE,
    xss        : TRUE,  # XSS KB key
    request    : make_list(build_url(qs:str, port:port)),
    output     : output
  );
  exit(0);
}
else audit(AUDIT_LISTEN_NOT_VULN, "Microsoft IIS", port);
VendorProductVersionCPE
microsoftinternet_information_servercpe:/a:microsoft:internet_information_server

Related

cve 1
openvas 1
nessus 1
cve
cve
CVE-2003-0223
2003-06-09 04:00:00
openvas
openvas
Microsoft IIS MS03-018 Security Check
2009-03-16 00:00:00
nessus
nessus
MS03-018: Cumulative Patch for Internet Information Services (11114)
2003-06-02 00:00:00
JSON
Related for ASP_NET_CSS.NASL
cve1openvas1nessus1