Search...

Pligg Detection

2010-07-19T00:00:00

ID PLIGG_DETECT.NASL
Type nessus
Reporter Tenable
Modified 2014-08-09T00:00:00

Description

The remote host is running Pligg, a web-based content management system written in PHP.

                                        
                                            #
# (C) Tenable Network Security, Inc.
#


include("compat.inc");


if (description)
{
  script_id(47765);
  script_version("$Revision: 1.5 $");
  script_cvs_date("$Date: 2014/08/09 00:11:24 $");

  script_name(english:"Pligg Detection");
  script_summary(english:"Looks for Pligg");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote web server is running a content management system written
in PHP."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The remote host is running Pligg, a web-based content management
system written in PHP."
  );
  script_set_attribute(attribute:"see_also", value:"http://www.pligg.com");
  script_set_attribute(attribute:"solution", value:"n/a");
  script_set_attribute(attribute:"risk_factor", value:"None");

  script_set_attribute(attribute:"plugin_publication_date", value:"2010/07/19");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:pligg:pligg_cms");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2010-2014 Tenable Network Security, Inc.");

  script_dependencies("http_version.nasl");
  script_exclude_keys("Settings/disable_cgi_scanning");
  script_require_ports("Services/www", 80);
  script_require_keys("www/PHP");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
include("webapp_func.inc");

port = get_http_port(default:80, php: TRUE);

installs = NULL;
meta_tag = '&lt;meta name="description" content="Pligg is an open source content management system that lets you easily &lt;a href=\'http://www.pligg.com\'&gt;create your own social network&lt;/a&gt;." /&gt;';
dirs     = cgi_dirs();

if (thorough_tests)
{
  dirs = make_list(dirs, '/pligg');
  dirs = list_uniq(dirs);
}

foreach dir (dirs)
{
  url = string(dir, '/');
  res = http_send_recv3(method: "GET", item: url, port: port, exit_on_fail: TRUE);

  if (meta_tag &gt;&lt; res[2])
  {
    installs = add_install(
      installs : installs,
      dir      : dir,
      appname  : 'pligg',
      port     : port
    );

    if (!thorough_tests) break;
  }
}

if (isnull(installs)) exit(0, "Pligg wasn't detected on port "+port+".");

if (report_verbosity &gt; 0)
{
  report = get_install_report(
    display_name : 'Pligg',
    installs     : installs,
    port         : port
  );
  security_note(port: port, extra: report);
}
else security_note(port);

JSON Vulners Source

Initial Source

{"id": "PLIGG_DETECT.NASL", "bulletinFamily": "scanner", "title": "Pligg Detection", "description": "The remote host is running Pligg, a web-based content management system written in PHP.", "published": "2010-07-19T00:00:00", "modified": "2014-08-09T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=47765", "reporter": "Tenable", "references": ["http://www.pligg.com"], "cvelist": [], "type": "nessus", "lastseen": "2019-02-21T01:13:37", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/a:pligg:pligg_cms"], "cvelist": [], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "The remote host is running Pligg, a web-based content management\nsystem written in PHP.", "edition": 3, "enchantments": {"dependencies": {"modified": "2019-01-16T20:10:51", "references": [{"idList": ["PLIGG_REG_USERNAME_XSS.NASL", "PLIGG_SEARCH_XSS.NASL"], "type": "nessus"}]}, "score": {"value": 5.0, "vector": "NONE"}}, "hash": "4c5cbf0537311e9131732c37720483d937873a5186a2f46b351fd3e45e22f32d", "hashmap": [{"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "b08da571809389472a005a3bf19155d1", "key": "description"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "74a788871dba19c8dd62b7f3b17d3b4e", "key": "href"}, {"hash": "862bf55a7cf8fc3acdefc6a126aa4df3", "key": "published"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "d8f3cb3674af082a47f1efb9fdd28199", "key": "cpe"}, {"hash": "12723a7b7683b8508bb7f6c3888843bb", "key": "title"}, {"hash": "07948b8ff59e8dda0b01012f70f00327", "key": "naslFamily"}, {"hash": "1f07de9db0b3ec4c623e714ed66de1c5", "key": "references"}, {"hash": "62eb4b3b47b5edd65a6d17a3eb3898f2", "key": "sourceData"}, {"hash": "3acba2462aedc96a84aa63c995f13572", "key": "pluginID"}, {"hash": "1c362e980a0d97faa19e4a6d8bfcd4c6", "key": "modified"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=47765", "id": "PLIGG_DETECT.NASL", "lastseen": "2019-01-16T20:10:51", "modified": "2014-08-09T00:00:00", "naslFamily": "CGI abuses", "objectVersion": "1.3", "pluginID": "47765", "published": "2010-07-19T00:00:00", "references": ["http://www.pligg.com"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(47765);\n script_version(\"$Revision: 1.5 $\");\n script_cvs_date(\"$Date: 2014/08/09 00:11:24 $\");\n\n script_name(english:\"Pligg Detection\");\n script_summary(english:\"Looks for Pligg\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote web server is running a content management system written\nin PHP.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host is running Pligg, a web-based content management\nsystem written in PHP.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.pligg.com\");\n script_set_attribute(attribute:\"solution\", value:\"n/a\");\n script_set_attribute(attribute:\"risk_factor\", value:\"None\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:pligg:pligg_cms\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2014 Tenable Network Security, Inc.\");\n\n script_dependencies(\"http_version.nasl\");\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_require_ports(\"Services/www\", 80);\n script_require_keys(\"www/PHP\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:80, php: TRUE);\n\ninstalls = NULL;\nmeta_tag = '<meta name=\"description\" content=\"Pligg is an open source content management system that lets you easily <a href=\\'http://www.pligg.com\\'>create your own social network</a>.\" />';\ndirs = cgi_dirs();\n\nif (thorough_tests)\n{\n dirs = make_list(dirs, '/pligg');\n dirs = list_uniq(dirs);\n}\n\nforeach dir (dirs)\n{\n url = string(dir, '/');\n res = http_send_recv3(method: \"GET\", item: url, port: port, exit_on_fail: TRUE);\n\n if (meta_tag >< res[2])\n {\n installs = add_install(\n installs : installs,\n dir : dir,\n appname : 'pligg',\n port : port\n );\n\n if (!thorough_tests) break;\n }\n}\n\nif (isnull(installs)) exit(0, \"Pligg wasn't detected on port \"+port+\".\");\n\nif (report_verbosity > 0)\n{\n report = get_install_report(\n display_name : 'Pligg',\n installs : installs,\n port : port\n );\n security_note(port: port, extra: report);\n}\nelse security_note(port);\n", "title": "Pligg Detection", "type": "nessus", "viewCount": 27}, "differentElements": ["description"], "edition": 3, "lastseen": "2019-01-16T20:10:51"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/a:pligg:pligg_cms"], "cvelist": [], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "The remote host is running Pligg, a web-based content management system written in PHP.", "edition": 2, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "c9b2a41901fb86f6f0e0f875368c4a19eb49d30fd6046c10bc971c3c8efea1e6", "hashmap": [{"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "279ddf19b47edd0575d5d297243bbddd", "key": "description"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "74a788871dba19c8dd62b7f3b17d3b4e", "key": "href"}, {"hash": "862bf55a7cf8fc3acdefc6a126aa4df3", "key": "published"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "d8f3cb3674af082a47f1efb9fdd28199", "key": "cpe"}, {"hash": "12723a7b7683b8508bb7f6c3888843bb", "key": "title"}, {"hash": "07948b8ff59e8dda0b01012f70f00327", "key": "naslFamily"}, {"hash": "1f07de9db0b3ec4c623e714ed66de1c5", "key": "references"}, {"hash": "62eb4b3b47b5edd65a6d17a3eb3898f2", "key": "sourceData"}, {"hash": "3acba2462aedc96a84aa63c995f13572", "key": "pluginID"}, {"hash": "1c362e980a0d97faa19e4a6d8bfcd4c6", "key": "modified"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=47765", "id": "PLIGG_DETECT.NASL", "lastseen": "2017-10-29T13:46:00", "modified": "2014-08-09T00:00:00", "naslFamily": "CGI abuses", "objectVersion": "1.3", "pluginID": "47765", "published": "2010-07-19T00:00:00", "references": ["http://www.pligg.com"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(47765);\n script_version(\"$Revision: 1.5 $\");\n script_cvs_date(\"$Date: 2014/08/09 00:11:24 $\");\n\n script_name(english:\"Pligg Detection\");\n script_summary(english:\"Looks for Pligg\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote web server is running a content management system written\nin PHP.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host is running Pligg, a web-based content management\nsystem written in PHP.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.pligg.com\");\n script_set_attribute(attribute:\"solution\", value:\"n/a\");\n script_set_attribute(attribute:\"risk_factor\", value:\"None\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:pligg:pligg_cms\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2014 Tenable Network Security, Inc.\");\n\n script_dependencies(\"http_version.nasl\");\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_require_ports(\"Services/www\", 80);\n script_require_keys(\"www/PHP\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:80, php: TRUE);\n\ninstalls = NULL;\nmeta_tag = '<meta name=\"description\" content=\"Pligg is an open source content management system that lets you easily <a href=\\'http://www.pligg.com\\'>create your own social network</a>.\" />';\ndirs = cgi_dirs();\n\nif (thorough_tests)\n{\n dirs = make_list(dirs, '/pligg');\n dirs = list_uniq(dirs);\n}\n\nforeach dir (dirs)\n{\n url = string(dir, '/');\n res = http_send_recv3(method: \"GET\", item: url, port: port, exit_on_fail: TRUE);\n\n if (meta_tag >< res[2])\n {\n installs = add_install(\n installs : installs,\n dir : dir,\n appname : 'pligg',\n port : port\n );\n\n if (!thorough_tests) break;\n }\n}\n\nif (isnull(installs)) exit(0, \"Pligg wasn't detected on port \"+port+\".\");\n\nif (report_verbosity > 0)\n{\n report = get_install_report(\n display_name : 'Pligg',\n installs : installs,\n port : port\n );\n security_note(port: port, extra: report);\n}\nelse security_note(port);\n", "title": "Pligg Detection", "type": "nessus", "viewCount": 27}, "differentElements": ["description"], "edition": 2, "lastseen": "2017-10-29T13:46:00"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": [], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "The remote host is running Pligg, a web-based content management system written in PHP.", "edition": 1, "enchantments": {}, "hash": "3ba02d1691bbc4f08ecba1db8368c2d6c185515e0f1269933087f078336bb80d", "hashmap": [{"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "279ddf19b47edd0575d5d297243bbddd", "key": "description"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "74a788871dba19c8dd62b7f3b17d3b4e", "key": "href"}, {"hash": "862bf55a7cf8fc3acdefc6a126aa4df3", "key": "published"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "12723a7b7683b8508bb7f6c3888843bb", "key": "title"}, {"hash": "07948b8ff59e8dda0b01012f70f00327", "key": "naslFamily"}, {"hash": "1f07de9db0b3ec4c623e714ed66de1c5", "key": "references"}, {"hash": "62eb4b3b47b5edd65a6d17a3eb3898f2", "key": "sourceData"}, {"hash": "3acba2462aedc96a84aa63c995f13572", "key": "pluginID"}, {"hash": "1c362e980a0d97faa19e4a6d8bfcd4c6", "key": "modified"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=47765", "id": "PLIGG_DETECT.NASL", "lastseen": "2016-09-26T17:26:45", "modified": "2014-08-09T00:00:00", "naslFamily": "CGI abuses", "objectVersion": "1.2", "pluginID": "47765", "published": "2010-07-19T00:00:00", "references": ["http://www.pligg.com"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(47765);\n script_version(\"$Revision: 1.5 $\");\n script_cvs_date(\"$Date: 2014/08/09 00:11:24 $\");\n\n script_name(english:\"Pligg Detection\");\n script_summary(english:\"Looks for Pligg\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote web server is running a content management system written\nin PHP.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host is running Pligg, a web-based content management\nsystem written in PHP.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.pligg.com\");\n script_set_attribute(attribute:\"solution\", value:\"n/a\");\n script_set_attribute(attribute:\"risk_factor\", value:\"None\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:pligg:pligg_cms\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2014 Tenable Network Security, Inc.\");\n\n script_dependencies(\"http_version.nasl\");\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_require_ports(\"Services/www\", 80);\n script_require_keys(\"www/PHP\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:80, php: TRUE);\n\ninstalls = NULL;\nmeta_tag = '<meta name=\"description\" content=\"Pligg is an open source content management system that lets you easily <a href=\\'http://www.pligg.com\\'>create your own social network</a>.\" />';\ndirs = cgi_dirs();\n\nif (thorough_tests)\n{\n dirs = make_list(dirs, '/pligg');\n dirs = list_uniq(dirs);\n}\n\nforeach dir (dirs)\n{\n url = string(dir, '/');\n res = http_send_recv3(method: \"GET\", item: url, port: port, exit_on_fail: TRUE);\n\n if (meta_tag >< res[2])\n {\n installs = add_install(\n installs : installs,\n dir : dir,\n appname : 'pligg',\n port : port\n );\n\n if (!thorough_tests) break;\n }\n}\n\nif (isnull(installs)) exit(0, \"Pligg wasn't detected on port \"+port+\".\");\n\nif (report_verbosity > 0)\n{\n report = get_install_report(\n display_name : 'Pligg',\n installs : installs,\n port : port\n );\n security_note(port: port, extra: report);\n}\nelse security_note(port);\n", "title": "Pligg Detection", "type": "nessus", "viewCount": 22}, "differentElements": ["cpe"], "edition": 1, "lastseen": "2016-09-26T17:26:45"}], "edition": 4, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "d8f3cb3674af082a47f1efb9fdd28199"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "8cd4821cb504d25572038ed182587d85"}, {"key": "description", "hash": "279ddf19b47edd0575d5d297243bbddd"}, {"key": "href", "hash": "74a788871dba19c8dd62b7f3b17d3b4e"}, {"key": "modified", "hash": "1c362e980a0d97faa19e4a6d8bfcd4c6"}, {"key": "naslFamily", "hash": "07948b8ff59e8dda0b01012f70f00327"}, {"key": "pluginID", "hash": "3acba2462aedc96a84aa63c995f13572"}, {"key": "published", "hash": "862bf55a7cf8fc3acdefc6a126aa4df3"}, {"key": "references", "hash": "1f07de9db0b3ec4c623e714ed66de1c5"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "62eb4b3b47b5edd65a6d17a3eb3898f2"}, {"key": "title", "hash": "12723a7b7683b8508bb7f6c3888843bb"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "c9b2a41901fb86f6f0e0f875368c4a19eb49d30fd6046c10bc971c3c8efea1e6", "viewCount": 27, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["PLIGG_REG_USERNAME_XSS.NASL", "PLIGG_SEARCH_XSS.NASL"]}], "modified": "2019-02-21T01:13:37"}, "score": {"value": 5.0, "vector": "NONE"}, "vulnersScore": 5.0}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(47765);\n script_version(\"$Revision: 1.5 $\");\n script_cvs_date(\"$Date: 2014/08/09 00:11:24 $\");\n\n script_name(english:\"Pligg Detection\");\n script_summary(english:\"Looks for Pligg\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote web server is running a content management system written\nin PHP.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host is running Pligg, a web-based content management\nsystem written in PHP.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.pligg.com\");\n script_set_attribute(attribute:\"solution\", value:\"n/a\");\n script_set_attribute(attribute:\"risk_factor\", value:\"None\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:pligg:pligg_cms\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2014 Tenable Network Security, Inc.\");\n\n script_dependencies(\"http_version.nasl\");\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_require_ports(\"Services/www\", 80);\n script_require_keys(\"www/PHP\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:80, php: TRUE);\n\ninstalls = NULL;\nmeta_tag = '<meta name=\"description\" content=\"Pligg is an open source content management system that lets you easily <a href=\\'http://www.pligg.com\\'>create your own social network</a>.\" />';\ndirs = cgi_dirs();\n\nif (thorough_tests)\n{\n dirs = make_list(dirs, '/pligg');\n dirs = list_uniq(dirs);\n}\n\nforeach dir (dirs)\n{\n url = string(dir, '/');\n res = http_send_recv3(method: \"GET\", item: url, port: port, exit_on_fail: TRUE);\n\n if (meta_tag >< res[2])\n {\n installs = add_install(\n installs : installs,\n dir : dir,\n appname : 'pligg',\n port : port\n );\n\n if (!thorough_tests) break;\n }\n}\n\nif (isnull(installs)) exit(0, \"Pligg wasn't detected on port \"+port+\".\");\n\nif (report_verbosity > 0)\n{\n report = get_install_report(\n display_name : 'Pligg',\n installs : installs,\n port : port\n );\n security_note(port: port, extra: report);\n}\nelse security_note(port);\n", "naslFamily": "CGI abuses", "pluginID": "47765", "cpe": ["cpe:/a:pligg:pligg_cms"], "scheme": null}

{"nessus": [{"lastseen": "2019-02-21T01:14:20", "bulletinFamily": "scanner", "description": "The remote web server is hosting a version of Pligg that is affected by a cross-site scripting vulnerability in the 'reg_username' parameter of the 'register.php' script.\n\nAlso note it has been reported that several other cross-site scripting vulnerabilities exist in the script 'register.php' via the parameters 'reg_email', 'reg_password', and 'reg_password2', although Nessus has not checked for them.", "modified": "2018-08-13T00:00:00", "id": "PLIGG_REG_USERNAME_XSS.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=51438", "published": "2011-01-07T00:00:00", "title": "Pligg register.php reg_username Parameter XSS", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(51438);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/08/13 14:32:36\");\n\n script_xref(name:\"Secunia\", value:\"42740\");\n\n script_name(english:\"Pligg register.php reg_username Parameter XSS\");\n script_summary(english:\"Attempts to exploit an XSS flaw in the reg_username parameter of Pligg\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote web server hosts a web application that is vulnerable to a\ncross-site scripting attack.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote web server is hosting a version of Pligg that is affected\nby a cross-site scripting vulnerability in the 'reg_username'\nparameter of the 'register.php' script.\n\nAlso note it has been reported that several other cross-site scripting\nvulnerabilities exist in the script 'register.php' via the parameters\n'reg_email', 'reg_password', and 'reg_password2', although Nessus has\nnot checked for them.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6e396247\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to version 1.1.3 or greater.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/12/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/12/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/01/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:pligg:pligg_cms\");\n script_set_attribute(attribute:\"exploited_by_nessus\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_ATTACK);\n script_family(english:\"CGI abuses : XSS\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n\n script_dependencie(\"pligg_detect.nasl\");\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_require_ports(\"Services/www\", 80);\n script_require_keys(\"www/pligg\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"url_func.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:80, php:TRUE);\n\ninstall = get_install_from_kb(appname:'pligg', port:port, exit_on_fail:TRUE);\ntimestamp = unixtime();\n\nxss = '\"onmouseover=alert(/'+SCRIPT_NAME + '-' + timestamp +'/)>';\npost_data = 'reg_username='\n + xss\n + '&reg_email=fakeemail&reg_password=fakepasswd&reg_password2=fakepasswd'\n + '&recaptcha_challenge_field=junk&recaptcha_response_field=junk'\n + '&submit=Create+user&regfrom=full';\n\nexpected_output = 'name=\"reg_username\" id=\"reg_username\" value=\"\\\\\"'\n + 'onmouseover=alert(/'\n + SCRIPT_NAME + '-' + timestamp\n + '/)>\" size=\"25\"';\n\nw = http_send_recv3(\n method : \"POST\",\n item : install['dir'] + \"/register.php\",\n data : post_data,\n content_type : 'application/x-www-form-urlencoded',\n port : port,\n exit_on_fail : TRUE\n);\n\nif (expected_output >< w[2])\n{\n set_kb_item(name:'www/'+port+'/XSS', value:TRUE);\n\n if(report_verbosity > 0)\n {\n report =\n '\\n' + 'Nessus was able to verify the issue with the following request : ' +\n '\\n' +\n '\\n ' + str_replace(find:'\\n', replace:'\\n ', string: http_last_sent_request()) + '\\n';\n security_warning(port:port, extra:report);\n }\n else security_warning(port:port);\n exit(0);\n}\nelse exit(0, \"The Pligg install at \" + install['dir'] + \" is not affected.\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2019-02-21T01:13:37", "bulletinFamily": "scanner", "description": "The remote web server is hosting a version of Pligg that is affected by a cross-site scripting vulnerability in the 'search' parameter of the 'search.php' script.", "modified": "2018-11-15T00:00:00", "id": "PLIGG_SEARCH_XSS.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=47766", "published": "2010-07-20T00:00:00", "title": "Pligg search.php search Parameter XSS", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(47766);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2018/11/15 20:50:20\");\n\n script_bugtraq_id(41729);\n script_xref(name:\"Secunia\", value:\"40616\");\n\n script_name(english:\"Pligg search.php search Parameter XSS\");\n script_summary(english:\"Attempts to exploit an XSS flaw in the search parameter of Pligg\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote web server hosts a web application that is vulnerable to a\ncross-site scripting attack.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote web server is hosting a version of Pligg that is affected\nby a cross-site scripting vulnerability in the 'search' parameter of\nthe 'search.php' script.\"\n );\n # http://pligg.svn.sourceforge.net/viewvc/pligg?view=revision&revision=2030\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e114a6c5\");\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.securityfocus.com/archive/1/512394\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply the fix from the SVN repository.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:U/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/07/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:pligg:pligg_cms\");\n script_end_attributes();\n\n script_category(ACT_ATTACK);\n script_family(english:\"CGI abuses : XSS\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.\");\n\n script_dependencie(\"pligg_detect.nasl\");\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_require_ports(\"Services/www\", 80);\n script_require_keys(\"www/pligg\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"http.inc\");\ninclude(\"url_func.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:80);\n\ninstall = get_install_from_kb(appname:'pligg', port:port);\nif(isnull(install)) exit(0, \"Pligg was not detected on port \"+port+\".\");\n\nxss = '1\"></a><script>alert(\"'+SCRIPT_NAME + '-' + unixtime() + '\")</script>';\nexpected_output = 'rsssearch.php?search='+xss+'\" target=\"_blank\">';\n\nexploited = test_cgi_xss(\n port : port,\n dirs : make_list(install['dir']),\n cgi : \"/search.php\",\n qs : \"search=\"+xss,\n pass_str : expected_output,\n ctrl_re : 'name=\"search\" id=\"searchsite\" value=\"'\n);\n\nif (!exploited)\n{\n install_url = build_url(qs: install['dir'], port: port);\n exit(0, \"The Pligg install at \" + install_url + \" is not affected.\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}]}