nessus · This script is Copyright (C) 2003-2021 Tenable Network Security, Inc. · SCOZBOOK.NASL

ScozBook scozbook/add.php Multiple Parameter XSS

2003-03-30 00:00:00
This script is Copyright (C) 2003-2021 Tenable Network Security, Inc.
www.tenable.com

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.017 Low

EPSS

Percentile

88.0%

The remote host is running ScozBook

This set of CGIs has two vulnerabilities:

  • It is vulnerable to cross-site scripting attacks (in add.php)
  • If the user requests view.php with a crafted PG variable, the response discloses the physical path of the remote CGI.

An attacker may use these flaws to steal the cookies of your users or to gain better knowledge about this host.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

# Ref:
# From: "euronymous" <[email protected]>
# To: [email protected], [email protected]
# Subject: ScozBook BETA 1.1 vulnerabilities


include('deprecated_nasl_level.inc');
include('compat.inc');

# Plugin metadata. This branch is taken when Nessus loads the script with
# 'description' set to read its attributes; the actual check further down
# runs only when it is not.
if(description)
{
 script_id(11502);
 script_version("1.23");
 # Two CVEs, one per flaw: the XSS in add.php and the path disclosure in view.php.
 script_cve_id("CVE-2003-1554", "CVE-2003-1555");
 script_bugtraq_id(7235, 7236);

 script_name(english: "ScozBook scozbook/add.php Multiple Parameter XSS");
 
 script_set_attribute(attribute:"synopsis", value:
"The remote web application is vulnerable to cross-site-scripting and 
path disclosure." );
 script_set_attribute(attribute:"description", value:
"The remote host is running ScozBook

This set of CGI has two vulnerabilities :

  - It is vulnerable to cross-site scripting attacks 
    (in add.php)
  - If the user requests view.php with a crafted PG 
    Variable, he will obtain the physical path of the 
    remote CGI
	
An attacker may use these flaws to steal the cookies of your users
or to gain better knowledge about this host." );
 # No vendor fix is referenced; removal is the only remediation offered.
 script_set_attribute(attribute:"solution", value:
"Delete this package." );
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
 script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
 script_set_attribute(attribute:"exploit_available", value:"false");
 # CWE-79 (cross-site scripting) and CWE-200 (information exposure).
 script_cwe_id(79, 200);
 script_set_attribute(attribute:"plugin_publication_date", value: "2003/03/30");
 script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
 script_set_attribute(attribute:"plugin_type", value:"remote");
 script_end_attributes();

 # Only the view.php path-disclosure flaw is probed by the check below; the
 # add.php XSS is reported on the strength of that evidence alone.
 script_summary(english: "Checks for the presence of view.php");
 script_category(ACT_GATHER_INFO);
 
 script_copyright(english:"This script is Copyright (C) 2003-2021 Tenable Network Security, Inc.");
 script_family(english: "CGI abuses");
 script_dependencie("http_version.nasl");
 script_require_ports("Services/www", 80);
 # Honour the global setting that disables CGI scanning.
 script_exclude_keys("Settings/disable_cgi_scanning");
 # Only worth running against a server already known to serve PHP.
 script_require_keys("www/PHP");
 exit(0);
}

#
# The script code starts here
#

include("global_settings.inc");
include("misc_func.inc");
include("http.inc");

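port = get_http_port(default:80);
if(!can_host_php(port:port))exit(0);

# Candidate install locations: the web root, a conventional /guestbook
# directory, and every discovered CGI directory both with and without a
# trailing /guestbook.
gdir = make_list(cgi_dirs());

dirs = make_list("", "/guestbook");
foreach d (gdir)
{
  dirs = make_list(dirs, string(d, "/guestbook"), d);
}

# Probe view.php with a bogus PG value.  On a vulnerable install the
# unvalidated parameter breaks the MySQL query and PHP prints a warning of
# the form "... not a valid MySQL result resource in <path>/view.php on
# line N", which discloses the script's filesystem path.  Requiring the
# warning to name view.php on the same line avoids flagging unrelated pages
# that merely mention a MySQL error.
foreach dir (dirs)
{
  url = string(dir, "/view.php?PG=foobar");
  r = http_send_recv3(method:"GET", item:url, port:port);
  # No response at all means the web server went away; nothing else to test.
  if (isnull(r)) exit(0);

  if (egrep(pattern:"MySQL result resource.*view\.php", string:r[2]))
  {
    # Include the triggering request so the finding can be reproduced and
    # verified by hand.
    report =
      '\n' +
      'Nessus was able to trigger a PHP warning that discloses the physical\n' +
      'path of the script with the following request :\n' +
      '\n' +
      '  ' + build_url(port:port, qs:url) + '\n';
    if (report_verbosity > 0) security_warning(port:port, extra:report);
    else security_warning(port);

    # Keep the www/<port>/XSS marker this plugin sets, even though the
    # evidence gathered here is the path disclosure rather than the add.php XSS.
    set_kb_item(name:'www/'+port+'/XSS', value:TRUE);
    exit(0);
  }
}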
