nessus | Copyright (C) 2005-2021 Josh Zlatin-Amishav | PHP_SURVEYOR_XSS_SQL.NASL
History: Aug 24, 2005 - 12:00 a.m.

PHP Surveyor Multiple Vulnerabilities

2005-08-24 00:00:00
Copyright (C) 2005-2021 Josh Zlatin-Amishav
www.tenable.com
11

The remote host is running PHP Surveyor, a set of PHP scripts used to develop, publish and collect responses from surveys.

The remote version of this software contains multiple vulnerabilities that can lead to SQL injection, path disclosure and cross-site scripting.

#%NASL_MIN_LEVEL 70300
#
# Josh Zlatin-Amishav GPLv2 


include('deprecated_nasl_level.inc');
include('compat.inc');

# Registration phase: when the engine loads the plugin with `description` set,
# this block only declares metadata and scheduling requirements and then exits,
# so none of the detection code further down runs in this pass.
if(description)
{
 script_id(19494);
 script_version("1.19");
 script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

 # Four CVE ids and two Bugtraq ids are attached to this single plugin. The
 # active check in this file issues only one request (admin.php with a
 # malformed `sid`), so a finding does not say which individual issue was
 # confirmed on the host.
 script_cve_id(
  "CVE-2005-2380", 
  "CVE-2005-2381", 
  "CVE-2005-2398", 
  "CVE-2005-2399"
 );
 script_bugtraq_id(14329, 14331);

 script_name(english:"PHP Surveyor Multiple Vulnerabilities");
 script_summary(english:"Checks for SQL injection in admin.php");

 script_set_attribute(attribute:"synopsis", value:
"A remote web application is affected by multiple vulnerabilities." );
 script_set_attribute(attribute:"description", value:
"The remote host is running PHP Surveyor, a set of PHP scripts used to
develop, publish and collect responses from surveys. 

The remote version of this software contains multiple vulnerabilities
that can lead to SQL injection, path disclosure and cross-site
scripting." );
 script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/405735" );
 # No remediation is recorded here; anyone triaging a finding has to look up
 # the fixed release elsewhere (see the advisory linked above).
 script_set_attribute(attribute:"solution", value:"Unknown at this time." );
 # CVSS v2 base vector: network reachable, low complexity, no authentication,
 # partial impact on confidentiality, integrity and availability.
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
 # NOTE(review): RL:OF means "official fix", which disagrees with the solution
 # attribute above ("Unknown at this time") - confirm which one is accurate.
 script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
 script_set_attribute(attribute:"exploit_available", value:"false");
 # NOTE(review): CWE-79 (XSS) and CWE-74 (injection) are listed but CWE-89
 # (SQL injection) is not, although the summary says the check is for SQL
 # injection. Several of the remaining ids look like CWE view/category numbers
 # rather than weaknesses - confirm before relying on this list for reporting.
 script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);

 script_set_attribute(attribute:"plugin_publication_date", value: "2005/08/24");
 script_set_attribute(attribute:"vuln_publication_date", value: "2005/07/19");
 script_set_attribute(attribute:"plugin_type", value:"remote");
 # The CPE carries no version component, so it identifies the product only.
 script_set_attribute(attribute:"cpe",value:"cpe:/a:phpsurveyor:phpsurveyor");
 script_end_attributes();

 # ACT_ATTACK marks this as an active check: the request built later in this
 # file sends a deliberately malformed `sid` value instead of only reading a
 # banner or version string.
 script_category(ACT_ATTACK);

 script_family(english:"CGI abuses");
 script_copyright(english:"Copyright (C) 2005-2021 Josh Zlatin-Amishav");

 # Scheduling: depends on http_version.nasl, targets ports registered as
 # "Services/www" (or 80), requires the "www/PHP" knowledge-base key and is
 # excluded when "Settings/disable_cgi_scanning" is set.
 script_dependencies("http_version.nasl");
 script_require_ports("Services/www", 80);
 script_exclude_keys("Settings/disable_cgi_scanning");
 script_require_keys("www/PHP");
 exit(0);
}

include("global_settings.inc");
include("http_func.inc");
include("http_keepalive.inc");
include("url_func.inc");

# Detection phase.
#
# Pick the web port to test and stop early when it is closed or when the host
# is not known to serve PHP.
port = get_http_port(default:80, embedded:TRUE);
if (!get_port_state(port)) exit(0);
if (!can_host_php(port:port)) exit(0);

# Try every known CGI directory. The host is reported only when the response
# body carries BOTH the PHP Surveyor page title and the MySQL error text.
#
# Caveat for anyone reading scan results: the check depends on the application
# echoing the database error into the page. An installation that suppresses
# error output is not flagged, so a clean result is not proof that the host is
# patched.
foreach dir ( cgi_dirs() )
{
  url = string(dir, "/admin/admin.php?", "sid='");
  req = http_get(item:url, port:port);
  res = http_keepalive_send_recv(port:port, data:req, bodyonly:TRUE);

  is_surveyor   = "<title>PHP Surveyor</title>" >< res;
  has_sql_error = "not a valid MySQL result" >< res;

  if (is_surveyor && has_sql_error)
  {
    security_hole(port);
    # NOTE(review): the XSS knowledge-base flag is set from the SQL error
    # signature alone; no XSS-specific request is made in this script.
    set_kb_item(name: 'www/'+port+'/XSS', value: TRUE);
    set_kb_item(name: 'www/'+port+'/SQLInjection', value: TRUE);
    # One confirmed directory is enough; stop probing.
    exit(0);
  }
}
Vendor | Product | Version | CPE
phpsurveyor | phpsurveyor | (none listed) | cpe:/a:phpsurveyor:phpsurveyor