nessus | This script is Copyright (C) 2004-2021 Tenable Network Security, Inc. | PERLDESK_SCRIPT_EXEC.NASL
History: Sep 15, 2004 - 12:00 a.m.

PerlDesk pdesk.cgi lang Parameter Traversal Arbitrary File Access

2004-09-15 00:00:00
This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.
www.tenable.com
204

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

EPSS

0.017

Percentile

88.1%

The remote host is running PerlDesk, a web-based help desk and email management application written in Perl.

There is a file inclusion issue in the remote version of this software which may allow an attacker to read fragments of arbitrary files on the remote host and to execute arbitrary Perl scripts, provided that the attacker is able to upload a script in the first place.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#


include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  # Registration pass: everything in this branch only declares plugin
  # metadata; the branch ends with exit(0), so no request is sent from here.

  # Plugin identity and the advisory identifiers this check is tied to.
  script_id(14733);
  script_version("1.14");
  script_cve_id("CVE-2004-1678");
  script_bugtraq_id(11160);

  script_name(english:"PerlDesk pdesk.cgi lang Parameter Traversal Arbitrary File Access");

  # Report text. The string bodies are kept exactly as published.
  script_set_attribute(attribute:"synopsis", value:
"It is possible to read arbitrary files from the remote
system." );
  script_set_attribute(attribute:"description", value:
"The remote host is running PerlDesk, a web-based help desk 
and email management application written in perl.

There is a file inclusion issue in the remote version of 
this software which may allow an attacker to read fragments 
of arbitrary files on the remote host and to execute arbirary
perl scripts, provided that an attacker may upload a script 
in the first place." );
  # NOTE(review): the solution names no fixed release; confirm the patched
  # version against the vendor advisory before closing a finding.
  script_set_attribute(attribute:"solution", value:
"Upgrade to the latest version of this software." );

  # Scoring.
  # NOTE(review): the base vector rates confidentiality only (C:P/I:N/A:N),
  # while the description also mentions running an uploaded Perl script;
  # the score should not be read as covering that second case.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
  # NOTE(review): the temporal vector says E:POC, yet exploit_available is
  # "false" and exploitability_ease is "No exploit is required"; these three
  # fields look inconsistent with each other.
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
  script_set_attribute(attribute:"exploit_available", value:"false");

  # Timeline and plugin type, then close the attribute list.
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/15");
  script_set_attribute(attribute:"vuln_publication_date", value:"2004/09/12");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_end_attributes();

  # Scheduling: category, family, the plugins named as dependencies and the
  # port requirement ("Services/www" or 80).
  script_summary(english:"Determines if perldesk is vulnerable to a file inclusion");
  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");
  script_copyright(english:"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.");
  script_dependencie("find_service1.nasl", "http_version.nasl");
  script_require_ports("Services/www", 80);
  exit(0);
}

include("global_settings.inc");
include("http.inc");
include("misc_func.inc");

# Pick the web port to test, with 80 as the default.
port = get_http_port(default:80);

# Single probe: pdesk.cgi is asked to load /etc/passwd through the "lang"
# parameter. Only the fixed /cgi-bin/ location is requested, so an install
# under any other directory is not checked and a clean result does not rule
# the issue out there.
# Defender note: the same request pattern (pdesk.cgi with "../" sequences or
# "%00" in lang) is what to look for in web server access logs.
probe = "/cgi-bin/pdesk.cgi?lang=../../../../../../../../etc/passwd%00";
res = http_send_recv3(port:port, method:"GET", item:probe, exit_on_fail: 1);

# res[2] is the response body. Both markers must be present before the host
# is flagged; the markers are literal substrings, not a passwd-line pattern.
# NOTE(review): presumably they match how PerlDesk echoes fragments of the
# included file - confirm against a known-vulnerable response.
body = res[2];
if ('"*:0"' >< body && '"/bin/' >< body)
{
  # Reported without attaching the matched output as evidence.
  security_warning(port);
  exit(0);
}

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

EPSS

0.017

Percentile

88.1%
