
PHProjekt setup.php Authentication Bypass Arbitrary Code Execution

2004-12-05 00:00:00
This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.

The remote host is running PHProjekt, an open source PHP Groupware package. It runs on most Linux and Unix variants, in addition to Microsoft Windows operating systems.

An unspecified authentication bypass vulnerability is present in the ‘setup.php’ source file and may be exploited by a remote attacker to reach ‘setup.php’ without authenticating. The ‘setup.php’ file may then be used to make administrative configuration changes to the PHProjekt website.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#


include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  # Plugin identity and version.
  script_id(15905);
  script_version("1.17");

  # Public vulnerability references.
  script_cve_id("CVE-2004-2739");
  script_bugtraq_id(11797);

  script_name(english:"PHProjekt setup.php Authentication Bypass Arbitrary Code Execution");

  # Report text shown to the user.
  script_set_attribute(attribute:"synopsis", value:
"The remote web application can be reconfigured without credentials." );
  script_set_attribute(attribute:"description", value:
"The remote host is running PHProjekt, an open source PHP Groupware 
package. It runs on most Linux and Unix variants, in addition to 
Microsoft Windows operating systems.

An unspecified authentication bypass vulnerability is present in the 
'setup.php' source file and may be exploited by a remote attacker to 
gain access to the 'setup.php' file without requiring authentication. 
The 'setup.php' file may then be employed to make administrative 
configuration changes to the PHPProjekt website." );
  script_set_attribute(attribute:"solution", value:
"Upgrade setup.php to the fixed version - setup.php,v 1.3." );

  # Severity and exploitability metadata.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(264);

  # Dates, plugin type and affected product; script_end_attributes()
  # must come after the last attribute.
  script_set_attribute(attribute:"vuln_publication_date", value: "2004/12/02");
  script_set_attribute(attribute:"plugin_publication_date", value: "2004/12/05");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:phprojekt:phprojekt");
  script_end_attributes();

  # Scan-engine bookkeeping: category, family, dependencies and the
  # preconditions under which the check runs at all.
  script_summary(english:"Uses a form-POST method to enter the configuration page");
  script_category(ACT_ATTACK);
  script_family(english:"CGI abuses");
  script_copyright(english:"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.");
  script_dependencie("http_version.nasl");
  script_require_ports("Services/www", 80);
  script_exclude_keys("Settings/disable_cgi_scanning");
  exit(0);
}

include("global_settings.inc");
include("misc_func.inc");
include("http.inc");

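# Locate the web server under test (falls back to port 80).
port = get_http_port(default:80);

# Keep whatever session cookie the first request hands out, so the
# follow-up POST is evaluated inside that same session.
enable_cookiejar();
init_cookiejar();

# Fetch the setup page once as an unauthenticated visitor.
r = http_send_recv3(port: port, method: 'GET', item:"/phprojekt/setup.php");

# No response at all (timeout, connection refused, non-HTTP service):
# r is null and r[1] below would be meaningless, so stop here.
if (isnull(r)) exit(0);

# Only continue if the server actually started a session for us;
# without a Set-Cookie header the POST below cannot be tied to the GET.
if (! egrep(pattern: "^Set-Cookie:", string: r[1])) exit(0);

# Submit the setup form with throw-away values for both fields.
r = http_send_recv3(port: port, method: 'POST',
  item:"/phprojekt/setup.php",
  data: strcat("nachname=", rand(), "&admin_pw=", rand()),
  add_headers: make_array("Content-Type", "application/x-www-form-urlencoded") );

if (isnull(r)) exit(0);

# The plugin treats a rendered configuration page in reply to bogus
# credentials as the bypass.  NOTE(review): this only inspects the body of
# that one reply; it does not confirm that a refusal page lacks the same
# marker, so the result is a heuristic rather than a proof.
if ("PHProjekt SETUP" >< r[2])
{
  security_hole(port);
  exit(0);
}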