ID PLIGG_DETECT.NASL Type nessus Reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. Modified 2019-12-02T00:00:00
Description
The remote host is running Pligg, a web-based content management
system written in PHP.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(47765);
script_version("1.7");
script_cvs_date("Date: 2019/11/22");
script_name(english:"Pligg Detection");
script_summary(english:"Looks for Pligg");
script_set_attribute(
attribute:"synopsis",
value:
"The remote web server is running a content management system written
in PHP."
);
script_set_attribute(
attribute:"description",
value:
"The remote host is running Pligg, a web-based content management
system written in PHP."
);
script_set_attribute(attribute:"see_also", value:"http://www.pligg.com");
script_set_attribute(attribute:"solution", value:"n/a");
script_set_attribute(attribute:"risk_factor", value:"None");
script_set_attribute(attribute:"plugin_publication_date", value:"2010/07/19");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:pligg:pligg_cms");
script_set_attribute(attribute:"asset_inventory", value:"True");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CGI abuses");
script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("http_version.nasl");
script_exclude_keys("Settings/disable_cgi_scanning");
script_require_ports("Services/www", 80);
script_require_keys("www/PHP");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
include("webapp_func.inc");
port = get_http_port(default:80, php: TRUE);
installs = NULL;
meta_tag = '<meta name="description" content="Pligg is an open source content management system that lets you easily <a href=\'http://www.pligg.com\'>create your own social network</a>." />';
dirs = cgi_dirs();
if (thorough_tests)
{
dirs = make_list(dirs, '/pligg');
dirs = list_uniq(dirs);
}
foreach dir (dirs)
{
url = string(dir, '/');
res = http_send_recv3(method: "GET", item: url, port: port, exit_on_fail: TRUE);
if (meta_tag >< res[2])
{
installs = add_install(
installs : installs,
dir : dir,
appname : 'pligg',
port : port,
cpe : "cpe:/a:pligg:pligg_cms"
);
if (!thorough_tests) break;
}
}
if (isnull(installs)) exit(0, "Pligg wasn't detected on port "+port+".");
if (report_verbosity > 0)
{
report = get_install_report(
display_name : 'Pligg',
installs : installs,
port : port
);
security_note(port: port, extra: report);
}
else security_note(port);
{"id": "PLIGG_DETECT.NASL", "bulletinFamily": "scanner", "title": "Pligg Detection", "description": "The remote host is running Pligg, a web-based content management\nsystem written in PHP.", "published": "2010-07-19T00:00:00", "modified": "2019-12-02T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://www.tenable.com/plugins/nessus/47765", "reporter": "This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.pligg.com"], "cvelist": [], "type": "nessus", "lastseen": "2019-12-13T08:52:26", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/a:pligg:pligg_cms"], "cvelist": [], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "The remote host is running Pligg, a web-based content management system written in PHP.", "edition": 2, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "c9b2a41901fb86f6f0e0f875368c4a19eb49d30fd6046c10bc971c3c8efea1e6", "hashmap": [{"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "279ddf19b47edd0575d5d297243bbddd", "key": "description"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "74a788871dba19c8dd62b7f3b17d3b4e", "key": "href"}, {"hash": "862bf55a7cf8fc3acdefc6a126aa4df3", "key": "published"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "d8f3cb3674af082a47f1efb9fdd28199", "key": "cpe"}, {"hash": "12723a7b7683b8508bb7f6c3888843bb", "key": "title"}, {"hash": "07948b8ff59e8dda0b01012f70f00327", "key": "naslFamily"}, {"hash": "1f07de9db0b3ec4c623e714ed66de1c5", "key": "references"}, {"hash": "62eb4b3b47b5edd65a6d17a3eb3898f2", "key": "sourceData"}, {"hash": "3acba2462aedc96a84aa63c995f13572", "key": "pluginID"}, {"hash": "1c362e980a0d97faa19e4a6d8bfcd4c6", "key": "modified"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=47765", "id": "PLIGG_DETECT.NASL", "lastseen": "2017-10-29T13:46:00", "modified": "2014-08-09T00:00:00", "naslFamily": "CGI abuses", "objectVersion": "1.3", "pluginID": "47765", "published": "2010-07-19T00:00:00", "references": ["http://www.pligg.com"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(47765);\n script_version(\"$Revision: 1.5 $\");\n script_cvs_date(\"$Date: 2014/08/09 00:11:24 $\");\n\n script_name(english:\"Pligg Detection\");\n script_summary(english:\"Looks for Pligg\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote web server is running a content management system written\nin PHP.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host is running Pligg, a web-based content management\nsystem written in PHP.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.pligg.com\");\n script_set_attribute(attribute:\"solution\", value:\"n/a\");\n script_set_attribute(attribute:\"risk_factor\", value:\"None\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:pligg:pligg_cms\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2014 Tenable Network Security, Inc.\");\n\n script_dependencies(\"http_version.nasl\");\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_require_ports(\"Services/www\", 80);\n script_require_keys(\"www/PHP\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:80, php: TRUE);\n\ninstalls = NULL;\nmeta_tag = '<meta name=\"description\" content=\"Pligg is an open source content management system that lets you easily <a href=\\'http://www.pligg.com\\'>create your own social network</a>.\" />';\ndirs = cgi_dirs();\n\nif (thorough_tests)\n{\n dirs = make_list(dirs, '/pligg');\n dirs = list_uniq(dirs);\n}\n\nforeach dir (dirs)\n{\n url = string(dir, '/');\n res = http_send_recv3(method: \"GET\", item: url, port: port, exit_on_fail: TRUE);\n\n if (meta_tag >< res[2])\n {\n installs = add_install(\n installs : installs,\n dir : dir,\n appname : 'pligg',\n port : port\n );\n\n if (!thorough_tests) break;\n }\n}\n\nif (isnull(installs)) exit(0, \"Pligg wasn't detected on port \"+port+\".\");\n\nif (report_verbosity > 0)\n{\n report = get_install_report(\n display_name : 'Pligg',\n installs : installs,\n port : port\n );\n security_note(port: port, extra: report);\n}\nelse security_note(port);\n", "title": "Pligg Detection", "type": "nessus", "viewCount": 27}, "differentElements": ["description"], "edition": 2, "lastseen": "2017-10-29T13:46:00"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/a:pligg:pligg_cms"], "cvelist": [], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "The remote host is running Pligg, a web-based content management system written in PHP.", "edition": 4, "enchantments": {"dependencies": {"modified": "2019-02-21T01:13:37", "references": [{"idList": ["PLIGG_REG_USERNAME_XSS.NASL", "PLIGG_SEARCH_XSS.NASL"], "type": "nessus"}]}, "score": {"modified": "2019-02-21T01:13:37", "value": -0.2, "vector": "NONE"}}, "hash": "c9b2a41901fb86f6f0e0f875368c4a19eb49d30fd6046c10bc971c3c8efea1e6", "hashmap": [{"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "279ddf19b47edd0575d5d297243bbddd", "key": "description"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "74a788871dba19c8dd62b7f3b17d3b4e", "key": "href"}, {"hash": "862bf55a7cf8fc3acdefc6a126aa4df3", "key": "published"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "d8f3cb3674af082a47f1efb9fdd28199", "key": "cpe"}, {"hash": "12723a7b7683b8508bb7f6c3888843bb", "key": "title"}, {"hash": "07948b8ff59e8dda0b01012f70f00327", "key": "naslFamily"}, {"hash": "1f07de9db0b3ec4c623e714ed66de1c5", "key": "references"}, {"hash": "62eb4b3b47b5edd65a6d17a3eb3898f2", "key": "sourceData"}, {"hash": "3acba2462aedc96a84aa63c995f13572", "key": "pluginID"}, {"hash": "1c362e980a0d97faa19e4a6d8bfcd4c6", "key": "modified"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=47765", "id": "PLIGG_DETECT.NASL", "lastseen": "2019-02-21T01:13:37", "modified": "2014-08-09T00:00:00", "naslFamily": "CGI abuses", "objectVersion": "1.3", "pluginID": "47765", "published": "2010-07-19T00:00:00", "references": ["http://www.pligg.com"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(47765);\n script_version(\"$Revision: 1.5 $\");\n script_cvs_date(\"$Date: 2014/08/09 00:11:24 $\");\n\n script_name(english:\"Pligg Detection\");\n script_summary(english:\"Looks for Pligg\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote web server is running a content management system written\nin PHP.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host is running Pligg, a web-based content management\nsystem written in PHP.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.pligg.com\");\n script_set_attribute(attribute:\"solution\", value:\"n/a\");\n script_set_attribute(attribute:\"risk_factor\", value:\"None\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:pligg:pligg_cms\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2014 Tenable Network Security, Inc.\");\n\n script_dependencies(\"http_version.nasl\");\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_require_ports(\"Services/www\", 80);\n script_require_keys(\"www/PHP\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:80, php: TRUE);\n\ninstalls = NULL;\nmeta_tag = '<meta name=\"description\" content=\"Pligg is an open source content management system that lets you easily <a href=\\'http://www.pligg.com\\'>create your own social network</a>.\" />';\ndirs = cgi_dirs();\n\nif (thorough_tests)\n{\n dirs = make_list(dirs, '/pligg');\n dirs = list_uniq(dirs);\n}\n\nforeach dir (dirs)\n{\n url = string(dir, '/');\n res = http_send_recv3(method: \"GET\", item: url, port: port, exit_on_fail: TRUE);\n\n if (meta_tag >< res[2])\n {\n installs = add_install(\n installs : installs,\n dir : dir,\n appname : 'pligg',\n port : port\n );\n\n if (!thorough_tests) break;\n }\n}\n\nif (isnull(installs)) exit(0, \"Pligg wasn't detected on port \"+port+\".\");\n\nif (report_verbosity > 0)\n{\n report = get_install_report(\n display_name : 'Pligg',\n installs : installs,\n port : port\n );\n security_note(port: port, extra: report);\n}\nelse security_note(port);\n", "title": "Pligg Detection", "type": "nessus", "viewCount": 33}, "differentElements": ["description", "reporter", "modified", "sourceData", "href"], "edition": 4, "lastseen": "2019-02-21T01:13:37"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": [], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "The remote host is running Pligg, a web-based content management system written in PHP.", "edition": 1, "enchantments": {}, "hash": "3ba02d1691bbc4f08ecba1db8368c2d6c185515e0f1269933087f078336bb80d", "hashmap": [{"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "279ddf19b47edd0575d5d297243bbddd", "key": "description"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "74a788871dba19c8dd62b7f3b17d3b4e", "key": "href"}, {"hash": "862bf55a7cf8fc3acdefc6a126aa4df3", "key": "published"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "12723a7b7683b8508bb7f6c3888843bb", "key": "title"}, {"hash": "07948b8ff59e8dda0b01012f70f00327", "key": "naslFamily"}, {"hash": "1f07de9db0b3ec4c623e714ed66de1c5", "key": "references"}, {"hash": "62eb4b3b47b5edd65a6d17a3eb3898f2", "key": "sourceData"}, {"hash": "3acba2462aedc96a84aa63c995f13572", "key": "pluginID"}, {"hash": "1c362e980a0d97faa19e4a6d8bfcd4c6", "key": "modified"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=47765", "id": "PLIGG_DETECT.NASL", "lastseen": "2016-09-26T17:26:45", "modified": "2014-08-09T00:00:00", "naslFamily": "CGI abuses", "objectVersion": "1.2", "pluginID": "47765", "published": "2010-07-19T00:00:00", "references": ["http://www.pligg.com"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(47765);\n script_version(\"$Revision: 1.5 $\");\n script_cvs_date(\"$Date: 2014/08/09 00:11:24 $\");\n\n script_name(english:\"Pligg Detection\");\n script_summary(english:\"Looks for Pligg\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote web server is running a content management system written\nin PHP.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host is running Pligg, a web-based content management\nsystem written in PHP.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.pligg.com\");\n script_set_attribute(attribute:\"solution\", value:\"n/a\");\n script_set_attribute(attribute:\"risk_factor\", value:\"None\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:pligg:pligg_cms\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2014 Tenable Network Security, Inc.\");\n\n script_dependencies(\"http_version.nasl\");\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_require_ports(\"Services/www\", 80);\n script_require_keys(\"www/PHP\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:80, php: TRUE);\n\ninstalls = NULL;\nmeta_tag = '<meta name=\"description\" content=\"Pligg is an open source content management system that lets you easily <a href=\\'http://www.pligg.com\\'>create your own social network</a>.\" />';\ndirs = cgi_dirs();\n\nif (thorough_tests)\n{\n dirs = make_list(dirs, '/pligg');\n dirs = list_uniq(dirs);\n}\n\nforeach dir (dirs)\n{\n url = string(dir, '/');\n res = http_send_recv3(method: \"GET\", item: url, port: port, exit_on_fail: TRUE);\n\n if (meta_tag >< res[2])\n {\n installs = add_install(\n installs : installs,\n dir : dir,\n appname : 'pligg',\n port : port\n );\n\n if (!thorough_tests) break;\n }\n}\n\nif (isnull(installs)) exit(0, \"Pligg wasn't detected on port \"+port+\".\");\n\nif (report_verbosity > 0)\n{\n report = get_install_report(\n display_name : 'Pligg',\n installs : installs,\n port : port\n );\n security_note(port: port, extra: report);\n}\nelse security_note(port);\n", "title": "Pligg Detection", "type": "nessus", "viewCount": 22}, "differentElements": ["cpe"], "edition": 1, "lastseen": "2016-09-26T17:26:45"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/a:pligg:pligg_cms"], "cvelist": [], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "The remote host is running Pligg, a web-based content management\nsystem written in PHP.", "edition": 6, "enchantments": {"dependencies": {"modified": "2019-11-01T03:20:04", "references": [{"idList": ["PLIGG_REG_USERNAME_XSS.NASL", "PLIGG_SEARCH_XSS.NASL"], "type": "nessus"}]}, "score": {"modified": "2019-11-01T03:20:04", "value": -0.3, "vector": "NONE"}}, "hash": "4b99fc7c6b966a9c7311daea50642f8ac43da705edc94e442bc3934b81d1a415", "hashmap": [{"hash": "abcf9266f425f12dda38f529cd4a94bc", "key": "modified"}, {"hash": "9b0e46dace93367b7e91f251d817f95a", "key": "reporter"}, {"hash": "b08da571809389472a005a3bf19155d1", "key": "description"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "bd3f5400b3a1b1633d77912d82679116", "key": "href"}, {"hash": "f05cda2ad6eb9bde7da925c33af27896", "key": "sourceData"}, {"hash": "862bf55a7cf8fc3acdefc6a126aa4df3", "key": "published"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "d8f3cb3674af082a47f1efb9fdd28199", "key": "cpe"}, {"hash": "12723a7b7683b8508bb7f6c3888843bb", "key": "title"}, {"hash": "07948b8ff59e8dda0b01012f70f00327", "key": "naslFamily"}, {"hash": "1f07de9db0b3ec4c623e714ed66de1c5", "key": "references"}, {"hash": "3acba2462aedc96a84aa63c995f13572", "key": "pluginID"}], "history": [], "href": "https://www.tenable.com/plugins/nessus/47765", "id": "PLIGG_DETECT.NASL", "lastseen": "2019-11-01T03:20:04", "modified": "2019-11-02T00:00:00", "naslFamily": "CGI abuses", "objectVersion": "1.3", "pluginID": "47765", "published": "2010-07-19T00:00:00", "references": ["http://www.pligg.com"], "reporter": "This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(47765);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/06/04 15:09:32\");\n\n script_name(english:\"Pligg Detection\");\n script_summary(english:\"Looks for Pligg\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote web server is running a content management system written\nin PHP.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host is running Pligg, a web-based content management\nsystem written in PHP.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.pligg.com\");\n script_set_attribute(attribute:\"solution\", value:\"n/a\");\n script_set_attribute(attribute:\"risk_factor\", value:\"None\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:pligg:pligg_cms\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"http_version.nasl\");\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_require_ports(\"Services/www\", 80);\n script_require_keys(\"www/PHP\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:80, php: TRUE);\n\ninstalls = NULL;\nmeta_tag = '<meta name=\"description\" content=\"Pligg is an open source content management system that lets you easily <a href=\\'http://www.pligg.com\\'>create your own social network</a>.\" />';\ndirs = cgi_dirs();\n\nif (thorough_tests)\n{\n dirs = make_list(dirs, '/pligg');\n dirs = list_uniq(dirs);\n}\n\nforeach dir (dirs)\n{\n url = string(dir, '/');\n res = http_send_recv3(method: \"GET\", item: url, port: port, exit_on_fail: TRUE);\n\n if (meta_tag >< res[2])\n {\n installs = add_install(\n installs : installs,\n dir : dir,\n appname : 'pligg',\n port : port,\n cpe : \"cpe:/a:pligg:pligg_cms\"\n );\n\n if (!thorough_tests) break;\n }\n}\n\nif (isnull(installs)) exit(0, \"Pligg wasn't detected on port \"+port+\".\");\n\nif (report_verbosity > 0)\n{\n report = get_install_report(\n display_name : 'Pligg',\n installs : installs,\n port : port\n );\n security_note(port: port, extra: report);\n}\nelse security_note(port);\n", "title": "Pligg Detection", "type": "nessus", "viewCount": 34}, "differentElements": ["sourceData"], "edition": 6, "lastseen": "2019-11-01T03:20:04"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/a:pligg:pligg_cms"], "cvelist": [], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "The remote host is running Pligg, a web-based content management\nsystem written in PHP.", "edition": 7, "enchantments": {"dependencies": {"modified": "2019-11-23T12:14:33", "references": [{"idList": ["PLIGG_REG_USERNAME_XSS.NASL", "PLIGG_SEARCH_XSS.NASL"], "type": "nessus"}]}, "score": {"modified": "2019-11-23T12:14:33", "value": -0.3, "vector": "NONE"}}, "hash": "bba66f01166d36bc846d8a7c08103aa096dfaab8878d537a3856a36b429efe9b", "hashmap": [{"hash": "abcf9266f425f12dda38f529cd4a94bc", "key": "modified"}, {"hash": "9b0e46dace93367b7e91f251d817f95a", "key": "reporter"}, {"hash": "b08da571809389472a005a3bf19155d1", "key": "description"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "bd3f5400b3a1b1633d77912d82679116", "key": "href"}, {"hash": "862bf55a7cf8fc3acdefc6a126aa4df3", "key": "published"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "0538aff46da0063328cc0517e846f3b5", "key": "sourceData"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "d8f3cb3674af082a47f1efb9fdd28199", "key": "cpe"}, {"hash": "12723a7b7683b8508bb7f6c3888843bb", "key": "title"}, {"hash": "07948b8ff59e8dda0b01012f70f00327", "key": "naslFamily"}, {"hash": "1f07de9db0b3ec4c623e714ed66de1c5", "key": "references"}, {"hash": "3acba2462aedc96a84aa63c995f13572", "key": "pluginID"}], "history": [], "href": "https://www.tenable.com/plugins/nessus/47765", "id": "PLIGG_DETECT.NASL", "lastseen": "2019-11-23T12:14:33", "modified": "2019-11-02T00:00:00", "naslFamily": "CGI abuses", "objectVersion": "1.3", "pluginID": "47765", "published": "2010-07-19T00:00:00", "references": ["http://www.pligg.com"], "reporter": "This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(47765);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/11/22\");\n\n script_name(english:\"Pligg Detection\");\n script_summary(english:\"Looks for Pligg\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote web server is running a content management system written\nin PHP.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host is running Pligg, a web-based content management\nsystem written in PHP.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.pligg.com\");\n script_set_attribute(attribute:\"solution\", value:\"n/a\");\n script_set_attribute(attribute:\"risk_factor\", value:\"None\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:pligg:pligg_cms\");\n script_set_attribute(attribute:\"asset_inventory\", value:\"True\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"http_version.nasl\");\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_require_ports(\"Services/www\", 80);\n script_require_keys(\"www/PHP\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:80, php: TRUE);\n\ninstalls = NULL;\nmeta_tag = '<meta name=\"description\" content=\"Pligg is an open source content management system that lets you easily <a href=\\'http://www.pligg.com\\'>create your own social network</a>.\" />';\ndirs = cgi_dirs();\n\nif (thorough_tests)\n{\n dirs = make_list(dirs, '/pligg');\n dirs = list_uniq(dirs);\n}\n\nforeach dir (dirs)\n{\n url = string(dir, '/');\n res = http_send_recv3(method: \"GET\", item: url, port: port, exit_on_fail: TRUE);\n\n if (meta_tag >< res[2])\n {\n installs = add_install(\n installs : installs,\n dir : dir,\n appname : 'pligg',\n port : port,\n cpe : \"cpe:/a:pligg:pligg_cms\"\n );\n\n if (!thorough_tests) break;\n }\n}\n\nif (isnull(installs)) exit(0, \"Pligg wasn't detected on port \"+port+\".\");\n\nif (report_verbosity > 0)\n{\n report = get_install_report(\n display_name : 'Pligg',\n installs : installs,\n port : port\n );\n security_note(port: port, extra: report);\n}\nelse security_note(port);\n", "title": "Pligg Detection", "type": "nessus", "viewCount": 36}, "differentElements": ["modified"], "edition": 7, "lastseen": "2019-11-23T12:14:33"}], "edition": 8, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "d8f3cb3674af082a47f1efb9fdd28199"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "8cd4821cb504d25572038ed182587d85"}, {"key": "description", "hash": "b08da571809389472a005a3bf19155d1"}, {"key": "href", "hash": "bd3f5400b3a1b1633d77912d82679116"}, {"key": "modified", "hash": "5a7504dfe859a7ccbaf560628f6442ad"}, {"key": "naslFamily", "hash": "07948b8ff59e8dda0b01012f70f00327"}, {"key": "pluginID", "hash": "3acba2462aedc96a84aa63c995f13572"}, {"key": "published", "hash": "862bf55a7cf8fc3acdefc6a126aa4df3"}, {"key": "references", "hash": "1f07de9db0b3ec4c623e714ed66de1c5"}, {"key": "reporter", "hash": "9b0e46dace93367b7e91f251d817f95a"}, {"key": "sourceData", "hash": "0538aff46da0063328cc0517e846f3b5"}, {"key": "title", "hash": "12723a7b7683b8508bb7f6c3888843bb"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "d96247d726c2584490794ebc626ad6b06581f643174fd2859f8f862a7d75b014", "viewCount": 36, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["PLIGG_REG_USERNAME_XSS.NASL", "PLIGG_SEARCH_XSS.NASL"]}], "modified": "2019-12-13T08:52:26"}, "score": {"value": -0.3, "vector": "NONE", "modified": "2019-12-13T08:52:26"}, "vulnersScore": -0.3}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(47765);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/11/22\");\n\n script_name(english:\"Pligg Detection\");\n script_summary(english:\"Looks for Pligg\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote web server is running a content management system written\nin PHP.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host is running Pligg, a web-based content management\nsystem written in PHP.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.pligg.com\");\n script_set_attribute(attribute:\"solution\", value:\"n/a\");\n script_set_attribute(attribute:\"risk_factor\", value:\"None\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:pligg:pligg_cms\");\n script_set_attribute(attribute:\"asset_inventory\", value:\"True\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"http_version.nasl\");\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_require_ports(\"Services/www\", 80);\n script_require_keys(\"www/PHP\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:80, php: TRUE);\n\ninstalls = NULL;\nmeta_tag = '<meta name=\"description\" content=\"Pligg is an open source content management system that lets you easily <a href=\\'http://www.pligg.com\\'>create your own social network</a>.\" />';\ndirs = cgi_dirs();\n\nif (thorough_tests)\n{\n dirs = make_list(dirs, '/pligg');\n dirs = list_uniq(dirs);\n}\n\nforeach dir (dirs)\n{\n url = string(dir, '/');\n res = http_send_recv3(method: \"GET\", item: url, port: port, exit_on_fail: TRUE);\n\n if (meta_tag >< res[2])\n {\n installs = add_install(\n installs : installs,\n dir : dir,\n appname : 'pligg',\n port : port,\n cpe : \"cpe:/a:pligg:pligg_cms\"\n );\n\n if (!thorough_tests) break;\n }\n}\n\nif (isnull(installs)) exit(0, \"Pligg wasn't detected on port \"+port+\".\");\n\nif (report_verbosity > 0)\n{\n report = get_install_report(\n display_name : 'Pligg',\n installs : installs,\n port : port\n );\n security_note(port: port, extra: report);\n}\nelse security_note(port);\n", "naslFamily": "CGI abuses", "pluginID": "47765", "cpe": ["cpe:/a:pligg:pligg_cms"], "scheme": null}
{"nessus": [{"lastseen": "2019-12-13T08:52:26", "bulletinFamily": "scanner", "description": "The remote web server is hosting a version of Pligg that is affected\nby a cross-site scripting vulnerability in the ", "modified": "2019-12-02T00:00:00", "id": "PLIGG_REG_USERNAME_XSS.NASL", "href": "https://www.tenable.com/plugins/nessus/51438", "published": "2011-01-07T00:00:00", "title": "Pligg register.php reg_username Parameter XSS", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(51438);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/08/13 14:32:36\");\n\n script_xref(name:\"Secunia\", value:\"42740\");\n\n script_name(english:\"Pligg register.php reg_username Parameter XSS\");\n script_summary(english:\"Attempts to exploit an XSS flaw in the reg_username parameter of Pligg\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote web server hosts a web application that is vulnerable to a\ncross-site scripting attack.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote web server is hosting a version of Pligg that is affected\nby a cross-site scripting vulnerability in the 'reg_username'\nparameter of the 'register.php' script.\n\nAlso note it has been reported that several other cross-site scripting\nvulnerabilities exist in the script 'register.php' via the parameters\n'reg_email', 'reg_password', and 'reg_password2', although Nessus has\nnot checked for them.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6e396247\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to version 1.1.3 or greater.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/12/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/12/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/01/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:pligg:pligg_cms\");\n script_set_attribute(attribute:\"exploited_by_nessus\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_ATTACK);\n script_family(english:\"CGI abuses : XSS\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n\n script_dependencie(\"pligg_detect.nasl\");\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_require_ports(\"Services/www\", 80);\n script_require_keys(\"www/pligg\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"url_func.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:80, php:TRUE);\n\ninstall = get_install_from_kb(appname:'pligg', port:port, exit_on_fail:TRUE);\ntimestamp = unixtime();\n\nxss = '\"onmouseover=alert(/'+SCRIPT_NAME + '-' + timestamp +'/)>';\npost_data = 'reg_username='\n + xss\n + '®_email=fakeemail®_password=fakepasswd®_password2=fakepasswd'\n + '&recaptcha_challenge_field=junk&recaptcha_response_field=junk'\n + '&submit=Create+user®from=full';\n\nexpected_output = 'name=\"reg_username\" id=\"reg_username\" value=\"\\\\\"'\n + 'onmouseover=alert(/'\n + SCRIPT_NAME + '-' + timestamp\n + '/)>\" size=\"25\"';\n\nw = http_send_recv3(\n method : \"POST\",\n item : install['dir'] + \"/register.php\",\n data : post_data,\n content_type : 'application/x-www-form-urlencoded',\n port : port,\n exit_on_fail : TRUE\n);\n\nif (expected_output >< w[2])\n{\n set_kb_item(name:'www/'+port+'/XSS', value:TRUE);\n\n if(report_verbosity > 0)\n {\n report =\n '\\n' + 'Nessus was able to verify the issue with the following request : ' +\n '\\n' +\n '\\n ' + str_replace(find:'\\n', replace:'\\n ', string: http_last_sent_request()) + '\\n';\n security_warning(port:port, extra:report);\n }\n else security_warning(port:port);\n exit(0);\n}\nelse exit(0, \"The Pligg install at \" + install['dir'] + \" is not affected.\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2019-12-13T08:52:26", "bulletinFamily": "scanner", "description": "The remote web server is hosting a version of Pligg that is affected\nby a cross-site scripting vulnerability in the ", "modified": "2019-12-02T00:00:00", "id": "PLIGG_SEARCH_XSS.NASL", "href": "https://www.tenable.com/plugins/nessus/47766", "published": "2010-07-20T00:00:00", "title": "Pligg search.php search Parameter XSS", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(47766);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2018/11/15 20:50:20\");\n\n script_bugtraq_id(41729);\n script_xref(name:\"Secunia\", value:\"40616\");\n\n script_name(english:\"Pligg search.php search Parameter XSS\");\n script_summary(english:\"Attempts to exploit an XSS flaw in the search parameter of Pligg\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote web server hosts a web application that is vulnerable to a\ncross-site scripting attack.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote web server is hosting a version of Pligg that is affected\nby a cross-site scripting vulnerability in the 'search' parameter of\nthe 'search.php' script.\"\n );\n # http://pligg.svn.sourceforge.net/viewvc/pligg?view=revision&revision=2030\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e114a6c5\");\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.securityfocus.com/archive/1/512394\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply the fix from the SVN repository.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:U/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/07/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:pligg:pligg_cms\");\n script_end_attributes();\n\n script_category(ACT_ATTACK);\n script_family(english:\"CGI abuses : XSS\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.\");\n\n script_dependencie(\"pligg_detect.nasl\");\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_require_ports(\"Services/www\", 80);\n script_require_keys(\"www/pligg\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"http.inc\");\ninclude(\"url_func.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:80);\n\ninstall = get_install_from_kb(appname:'pligg', port:port);\nif(isnull(install)) exit(0, \"Pligg was not detected on port \"+port+\".\");\n\nxss = '1\"></a><script>alert(\"'+SCRIPT_NAME + '-' + unixtime() + '\")</script>';\nexpected_output = 'rsssearch.php?search='+xss+'\" target=\"_blank\">';\n\nexploited = test_cgi_xss(\n port : port,\n dirs : make_list(install['dir']),\n cgi : \"/search.php\",\n qs : \"search=\"+xss,\n pass_str : expected_output,\n ctrl_re : 'name=\"search\" id=\"searchsite\" value=\"'\n);\n\nif (!exploited)\n{\n install_url = build_url(qs: install['dir'], port: port);\n exit(0, \"The Pligg install at \" + install_url + \" is not affected.\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}]}
