Lucene search
This script is Copyright (C) 2002-2021 Tenable Network Security, Inc.BASILIX_WEBMAIL.NASLHistoryAug 14, 2002 - 12:00 a.m.
Basilix Webmail basilix.php3 request_id[DUMMY] Variable Traversal Arbitrary File Access
2002-08-1400:00:00
This script is Copyright (C) 2002-2021 Tenable Network Security, Inc.
www.tenable.com
61
The script ‘basilix.php3’ is installed on the remote web server. Some versions of this webmail software allow the users to read any file on the system with the permission of the webmail software, and execute any PHP.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# References:
# From: "karol _" <[email protected]>
# To: [email protected]
# CC: [email protected]
# Date: Fri, 06 Jul 2001 21:04:55 +0200
# Subject: basilix bug
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(11072);
script_version("1.27");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
script_cve_id("CVE-2001-1045");
script_bugtraq_id(2995);
script_name(english:"Basilix Webmail basilix.php3 request_id[DUMMY] Variable Traversal Arbitrary File Access");
script_summary(english:"Checks for the presence of basilix.php3");
script_set_attribute(attribute:"synopsis", value:
"The remote web server contains a PHP script that is prone to a remote
file include attack.");
script_set_attribute(attribute:"description", value:
"The script 'basilix.php3' is installed on the remote web server. Some
versions of this webmail software allow the users to read any file on
the system with the permission of the webmail software, and execute
any PHP.");
script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2001/Jul/114");
script_set_attribute(attribute:"solution", value:"Update Basilix or remove DUMMY from lang.inc.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:W/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2001/07/06");
script_set_attribute(attribute:"plugin_publication_date", value:"2002/08/14");
script_set_attribute(attribute:"potential_vulnerability", value:"true");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2002-2021 Tenable Network Security, Inc.");
script_family(english:"CGI abuses");
script_dependencies("http_version.nasl", "logins.nasl");
script_require_keys("imap/login", "imap/password", "Settings/ParanoidReport", "www/PHP");
script_require_ports("Services/www", 80);
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
if (report_paranoia < 2) audit(AUDIT_PARANOID);
port = get_http_port(default:80);
if (!can_host_php(port:port)) exit(0);
user = get_kb_item("imap/login");
pass = get_kb_item("imap/password");
if (!user || !pass)
exit(1, "imap/login and/or imap/password are empty");
url=string("/basilix.php3?request_id[DUMMY]=../../../../../../../../../etc/passwd&RequestID=DUMMY&username=", user, "&password=", pass);
if(is_cgi_installed3(port:port, item:url)){ security_hole(port); exit(0); }
Related
cvelist
cvelist
CVE-2001-1045
2002-02-02 05:00:00
cve
cve
CVE-2001-1045
2001-07-06 04:00:00
openvas
openvas
Basilix Webmail Dummy Request Vulnerability
2005-11-03 00:00:00
Related for BASILIX_WEBMAIL.NASL