
Invision Power Board classes/class_session.php CLIENT_IP HTTP Header SQL Injection


CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.007

Percentile

80.1%

According to its banner, the installation of Invision Power Board on the remote host reportedly fails to sanitize input to the ‘CLIENT_IP’ HTTP request header before using it in database queries. An unauthenticated attacker may be able to leverage this issue to disclose sensitive information, modify data, or launch attacks against the underlying database. This plugin is a version check against the banner recorded by the detection plugin; it sends no exploit request, so an installation that has been patched without a version change may still be reported.

Note that it’s unclear whether successful exploitation depends on any PHP settings, such as ‘magic_quotes’.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

# Registration phase: when the scanner loads the plugin with 'description'
# set, only the metadata below is recorded and the script exits before any
# scanning logic runs.
if (description)
{
  script_id(22089);
  script_version("1.18");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/11");

  # External references for the flaw (CVE, BugTraq, Exploit-DB entry).
  script_cve_id("CVE-2006-7071");
  script_bugtraq_id(18984);
  script_xref(name:"EDB-ID", value:"2010");

  script_name(english:"Invision Power Board classes/class_session.php CLIENT_IP HTTP Header SQL Injection");

  script_set_attribute(attribute:"synopsis", value:
"The remote web server contains a PHP application that is susceptible
to a SQL injection attack.");
  # The description is deliberately hedged ("according to its banner"):
  # the check further down is version-based and sends no probe.
  script_set_attribute(attribute:"description", value:
"According to its banner, the installation of Invision Power Board on
the remote host reportedly fails to sanitize input to the 'CLIENT_IP'
HTTP request header before using it in database queries.  An
unauthenticated attacker may be able to leverage this issue to
disclose sensitive information, modify data, or launch attacks against
the underlying database. 

Note that it's unclear whether successful exploitation depends on any
PHP settings, such as 'magic_quotes'.");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Invision Power Board 2.1.7 or later.");
  # CVSSv2 base: network, low complexity, no auth, partial C/I/A (7.5).
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:U/RC:ND");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2006/07/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2006/07/24");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:invisionpower:invision_power_board");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  # ACT_GATHER_INFO: the plugin is non-intrusive; it only reads KB data.
  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2006-2022 Tenable Network Security, Inc.");

  # Relies on the detection plugin having populated the
  # www/invision_power_board KB key; skipped when CGI scanning is disabled.
  script_dependencies("invision_power_board_detect.nasl");
  script_require_keys("www/invision_power_board");
  script_exclude_keys("Settings/disable_cgi_scanning");
  script_require_ports("Services/www", 80);

  exit(0);
}

include("global_settings.inc");
include("misc_func.inc");
include("http.inc");


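port = get_http_port(default:80);
# Nothing to test unless the web server can run PHP at all.
if (!can_host_php(port:port)) exit(0);


# Version-based check only: no request is sent to the target. The install
# record written by invision_power_board_detect.nasl has the form
# "<version> under <directory>"; only the version part is used here.
install = get_kb_item(string("www/", port, "/invision_power_board"));
if (isnull(install)) exit(0);
matches = eregmatch(pattern:"^(.+) under (/.*)$", string:install);
if (!isnull(matches))
{
  ver = matches[1];

  # Affected: 0.x, 1.x, 2.0.x and 2.1.0 through 2.1.6 (fixed in 2.1.7).
  # For the 2.1.x branch the patch digit must be followed by a non-digit
  # or the end of the string; the previous "[^0-9]?" was optional and so
  # never excluded anything, which would have flagged e.g. "2.1.60".
  if (ver && ver =~ "^([01]\.|2\.(0\.|1\.[0-6]([^0-9]|$)))")
  {
    security_hole(port);
    # Let downstream plugins know this host has a known SQL injection.
    set_kb_item(name: 'www/'+port+'/SQLInjection', value: TRUE);
    exit(0);
  }
}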
