CoolPHP 1.0 Multiple Vulnerabilities

2004-10-18T00:00:00
ID COOLPHP_XSS.NASL
Type nessus
Reporter This script is Copyright (C) 2004-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
Modified 2019-12-02T00:00:00

Description

The remote host is running the CoolPHP Content Management system.

There are various flaws in the remote version of this software which may allow an attacker to read arbitrary files on the remote host or to set up a cross-site scripting attack.

                                        
                                            #
# (C) Tenable Network Security, Inc.
#


include("compat.inc");

if(description)
{
 script_id(15506);
 script_version ("1.22");
 script_cve_id("CVE-2004-1599", "CVE-2004-1601");
 script_bugtraq_id(11437);

 script_name(english:"CoolPHP 1.0 Multiple Vulnerabilities");

 script_set_attribute(attribute:"synopsis", value:
"The remote web server is running an application that is vulnerable to
multiple flaws." );
 script_set_attribute(attribute:"description", value:
"The remote host is running the CoolPHP Content Management system.

There are various flaws in the remote version of this software which
may allow an attacker to read arbitrary files on the remote host or to
set up a cross-site scripting attack." );
 script_set_attribute(attribute:"solution", value:
"None at this time." );
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
 script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
 script_set_attribute(attribute:"exploit_available", value:"false");
 script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);

 script_set_attribute(attribute:"plugin_publication_date", value: "2004/10/18");
 script_set_attribute(attribute:"vuln_publication_date", value: "2004/10/16");
 script_cvs_date("Date: 2018/08/22 16:49:13");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_end_attributes();

 script_summary(english:"Checks for CoolPHP");
 script_category(ACT_ATTACK);
 script_copyright(english:"This script is Copyright (C) 2004-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
 script_family(english: "CGI abuses");
 script_dependencie("http_version.nasl", "cross_site_scripting.nasl");
 script_require_ports("Services/www", 80);
 script_exclude_keys("Settings/disable_cgi_scanning");
 script_require_keys("Settings/ParanoidReport", "www/PHP");
 exit(0);
}

# The script code starts here
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");

port = get_http_port(default:80);

if(!get_port_state(port))exit(0);
if(get_kb_item(string("www/", port, "/generic_xss"))) exit(0);
if(!can_host_php(port:port))exit(0);

test_cgi_xss(port: port, cgi: '/index.php', 
 qs: "op=userinfo&nick=<script>foo</script>", 
 pass_str: "<script>foo</script>");