Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2003-2021 Tenable Network Security, Inc.SIMPLE_CHAT_USER_DISCLOSURE.NASL
HistoryMar 25, 2003 - 12:00 a.m.

SimpleChat Information Disclosure

2003-03-2500:00:00
This script is Copyright (C) 2003-2021 Tenable Network Security, Inc.
www.tenable.com
16
JSON

It is possible to retrieve list of users currently connected to the remote SimpleChat server by requesting the file β€˜data/usr’.
An attacker may use this flaw to obtain the IP address of every user currently connected.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

# Ref:
#  Date: 20 Mar 2003 03:33:03 -0000
#  From: subj <[email protected]>
#  To: [email protected]
#  Subject: SimpleChat


include('deprecated_nasl_level.inc');
include('compat.inc');


if(description)
{
 script_id(11469);
 script_version("1.20");

 script_bugtraq_id(7168);

 script_name(english:"SimpleChat Information Disclosure");
 script_summary(english:"Checks for the presence of data/usr");

 script_set_attribute( attribute:"synopsis", value:
"The remote web server contains a CGI script that is affected by an
information disclosure vulnerability." );
 script_set_attribute(attribute:"description", value:
"It is possible to retrieve list of users currently connected to
the remote SimpleChat server by requesting the file 'data/usr'.
An attacker may use this flaw to obtain the IP address of every
user currently connected." );
 script_set_attribute(
  attribute:"see_also", 
  value:"https://seclists.org/bugtraq/2003/Mar/326"
 );
 script_set_attribute(
  attribute:"solution", 
  value:"Add a .htaccess file to prevent access to this file. "
 );
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
 script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
 script_set_attribute(attribute:"exploit_available", value:"true");
 script_set_attribute(attribute:"plugin_publication_date", value: "2003/03/25");
 script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
 script_set_attribute(attribute:"plugin_type", value:"remote");
 script_end_attributes();

 script_category(ACT_ATTACK);
 
 script_copyright(english:"This script is Copyright (C) 2003-2021 Tenable Network Security, Inc.");
 script_family(english:"CGI abuses");

 script_dependencie("http_version.nasl");
 script_require_ports("Services/www", 80);
 script_exclude_keys("Settings/disable_cgi_scanning");
 exit(0);
}

#
# The script code starts here
#

include("global_settings.inc");
include("misc_func.inc");
include("http.inc");

port = get_http_port(default:80, embedded: 0);


foreach dir (cgi_dirs())
{
 url = string(dir, "/data/usr");
 res = http_send_recv3(method:"GET", item:url, port:port);
 if (isnull(res)) exit(0);

 if (res[0] =~ "^HTTP/1\/[01] 200 ")
 {
  if(egrep(pattern:"[0-9]+:\|:[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+:\|", string:res[2]))
  {
   if (report_verbosity > 0)
   {
    report = string(
     "\n",
     "The following request can be used to verify the issue :\n",
     "\n",
     "  ", build_url(port:port, qs:url), "\n"
    );
    security_warning(port:port, extra:report);
   }
   else security_warning(port);
   exit(0);
  }
 }
}
JSON