Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2004-2022 Tenable Network Security, Inc.PHPBB_LOGIN_FORM_SQL.NASL
HistoryNov 22, 2004 - 12:00 a.m.

phpBB viewtopic.php highlight Parameter SQL Injection (ESMARKCONANT)

2004-11-2200:00:00
This script is Copyright (C) 2004-2022 Tenable Network Security, Inc.
www.tenable.com
172
JSON

The remote host is running phpBB. There is a flaw in the remote software that could allow anyone to inject arbitrary SQL commands in the login form. An attacker could exploit this flaw to bypass the authentication of the remote host or execute arbitrary SQL statements against the remote database.

ESMARKCONANT is one of multiple Equation Group vulnerabilities and exploits disclosed on 2017/04/14 by a group known as the Shadow Brokers.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(15780);
  script_version("1.23");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/11");

  script_cve_id("CVE-2004-1315");
  script_bugtraq_id(11716);
  script_xref(name:"CERT", value:"497400");
  script_xref(name:"EDB-ID", value:"647");

  script_name(english:"phpBB viewtopic.php highlight Parameter SQL Injection (ESMARKCONANT)");

  script_set_attribute(attribute:"synopsis", value:
"A remote web application is vulnerable to SQL injection.");
  script_set_attribute(attribute:"description", value:
"The remote host is running phpBB. There is a flaw in the remote
software that could allow anyone to inject arbitrary SQL commands in
the login form. An attacker could exploit this flaw to bypass the
authentication of the remote host or execute arbitrary SQL statements
against the remote database.

ESMARKCONANT is one of multiple Equation Group vulnerabilities and
exploits disclosed on 2017/04/14 by a group known as the Shadow
Brokers.");
  script_set_attribute(attribute:"solution", value:
"Upgrade to the latest version of this software.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");

  script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"metasploit_name", value:'phpBB viewtopic.php Arbitrary Code Execution');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_set_attribute(attribute:"in_the_news", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2004/11/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/11/22");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:phpbb_group:phpbb");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2004-2022 Tenable Network Security, Inc.");

  script_dependencies("phpbb_detect.nasl");
  script_require_keys("www/phpBB");
  script_require_ports("Services/www", 80);

  exit(0);
}

# Check starts here
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");

port = get_http_port(default:80);

kb = get_kb_item("www/" + port + "/phpBB");
if ( ! kb ) exit(0);

matches = eregmatch(pattern:"(.*) under (.*)", string:kb);
version = matches[1];

if ( ereg(pattern:"^([01]\.|2\.0\.([0-9]|10)([^0-9]|$))", string:version ) )
{
	security_hole(port);
  set_kb_item(name: 'www/'+port+'/SQLInjection', value: TRUE);
}
VendorProductVersionCPE
phpbb_groupphpbbcpe:/a:phpbb_group:phpbb

Related

nessus 3
packetstorm 3
seebug 3
openvas 4
checkpoint_advisories 4
exploitpack 1
freebsd 1
cve 1
gentoo 1
exploitdb 1
nessus
nessus
phpBB < 2.0.11 Multiple Vulnerabilities (ESMARKCONANT)
2005-01-18 00:00:00
GLSA-200411-32 : phpBB: Remote command execution
2004-11-24 00:00:00
FreeBSD : phpbb -- arbitrary command execution and other vulnerabilities (e3cf89f0-53da-11d9-92b7-ceadd4ac2edd)
2005-07-13 00:00:00
packetstorm
packetstorm
PHP-Nuke 7.0 / 8.1 / 8.1.35 Wormable Remote Code Execution
2010-05-05 00:00:00
phpBB viewtopic.php Arbitrary Code Execution
2009-12-31 00:00:00
phpBB viewtopic.php Arbitrary Code Execution
2009-10-30 00:00:00
seebug
seebug
PHP-Nuke 7.0/8.1/8.1.35 - Wormable Remote Code Execution
2014-07-01 00:00:00
Wormable Remote Code Execution in PHP-Nuke 7.0/8.1/8.1.35
2010-05-05 00:00:00
PHP-Nuke倚δΈͺSQL注ε…₯漏洞
2010-05-08 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200411-32 (phpBB)
2008-09-24 00:00:00
FreeBSD Ports: phpbb
2008-09-04 00:00:00
FreeBSD Ports: phpbb
2008-09-04 00:00:00
checkpoint_advisories
checkpoint_advisories
PhpBB viewtopic.php URL Decoding Code Execution - Ver2 (CVE-2004-1315)
2014-04-16 00:00:00
HTTP URL Patterns (CAN-2004-1315)
2019-06-23 00:00:00
phpBB viewtopic.php URL Decoding Code Execution (CVE-2004-1315)
2012-08-20 00:00:00
exploitpack
exploitpack
PHP-Nuke 7.08.18.1.35 - Wormable Remote Code Execution
2010-05-05 00:00:00
freebsd
freebsd
phpbb -- arbitrary command execution and other vulnerabilities
2004-11-18 00:00:00
cve
cve
CVE-2004-1315
2004-11-12 05:00:00
gentoo
gentoo
phpBB: Remote command execution
2004-11-24 00:00:00
exploitdb
exploitdb
PHP-Nuke 7.0/8.1/8.1.35 - Wormable Remote Code Execution
2010-05-05 00:00:00
JSON
Related for PHPBB_LOGIN_FORM_SQL.NASL
nessus3packetstorm3seebug3openvas4checkpoint_advisories4exploitpack1freebsd1cve1gentoo1exploitdb1