Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2004-2021 Tenable Network Security, Inc.PHP_ARBITRARY_FILE_ACCESS.NASL
HistoryNov 13, 2004 - 12:00 a.m.

PHP < 3.0 mylog.html/mlog.html Arbitrary File Access

2004-11-1300:00:00
This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.
www.tenable.com
40
JSON

The remote host is running PHP/FI.

The remote version of this software contains a flaw in the files mylog.html/mlog.html that can allow a remote attacker to view arbitrary files on the remote host.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
 script_id(15708);
 script_version("1.14");

 script_cve_id("CVE-1999-0068", "CVE-1999-0346");
 script_bugtraq_id(713);
 
 script_name(english:"PHP < 3.0 mylog.html/mlog.html Arbitrary File Access");

 script_set_attribute(attribute:"synopsis", value:
"Arbitrary files may be read on the remote host." );
 script_set_attribute(attribute:"description", value:
"The remote host is running PHP/FI.

The remote version of this software contains a flaw in 
the files mylog.html/mlog.html that can allow a remote attacker 
to view arbitrary files on the remote host." );
 script_set_attribute(attribute:"solution", value:
"Upgrade to version 3.0 or newer." );
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
 script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
 script_set_attribute(attribute:"exploit_available", value:"false");

 script_set_attribute(attribute:"plugin_publication_date", value: "2004/11/13");
 script_set_attribute(attribute:"vuln_publication_date", value: "1997/10/19");
 script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe",value:"cpe:/a:php:php");
script_end_attributes();

 
 summary["english"] = "Checks PHP mylog.html/mlog.html arbitrary file access";

 script_summary(english:summary["english"]);
 
 script_category(ACT_GATHER_INFO);
 
 script_copyright(english:"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.");
 script_family(english:"CGI abuses");
 
 script_dependencies("http_version.nasl");
 script_require_ports("Services/www", 80);
 script_exclude_keys("Settings/disable_cgi_scanning");
 exit(0);
}

include("http_func.inc");
include("http_keepalive.inc");

port = get_http_port(default:80, embedded:TRUE);
if ( ! port ) exit(0);

foreach dir ( make_list(cgi_dirs(), "/php") )
{
	foreach htmlfile (make_list("/mylog.html", "/mlog.html"))
	{
	  req = http_get(port:port, item:dir + htmlfile + "?screen=/etc/passwd");
 	  res = http_keepalive_send_recv(port:port, data:req);
 	  if ( res == NULL ) 
		exit(0);
 	  if ( egrep( pattern:"root:.*:0:[01]:.*", string:res) )
	  {
	 	security_warning(port);
	 	exit(0);
	  }
	 }
}
VendorProductVersionCPE
phpphpcpe:/a:php:php

Related

openvas 2
cve 2
openvas
openvas
PHP/FI mylog.html/mlog.html < 3.0 Arbitrary File Read Vulnerability - Active Check
2005-11-03 00:00:00
PHP mylog.html/mlog.html read arbitrary file
2005-11-03 00:00:00
cve
cve
CVE-1999-0346
1997-10-16 04:00:00
CVE-1999-0068
1997-10-19 04:00:00
JSON
Related for PHP_ARBITRARY_FILE_ACCESS.NASL
openvas2cve2