Vulners
Lucene search
CGI Generic XML Injection
| Source | Link |
|---|---|
| nessus | www.nessus.org/u |
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if(description)
{
script_id(46196);
script_version("1.17");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/14");
script_xref(name:"OWASP", value:"OWASP-DV-008");
script_name(english: "CGI Generic XML Injection");
script_summary(english: "Detect SOAP back-end and potential XML injection");
script_set_attribute(attribute:"synopsis", value:
"A CGI application hosted on the remote web server is potentially
prone to an XML injection attack.");
script_set_attribute(attribute:"description", value:
"By sending specially crafted parameters to one or more CGI scripts
hosted on the remote web server, Nessus was able to get a very
different response, which suggests that it may have been able to
modify the behavior of the application and directly access a SOAP
back-end.
An attacker may be able to exploit this issue to bypass
authentication, read confidential data, modify the remote database, or
even take control of the remote operating system.
Exploitation of XML injections is usually far from trivial." );
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?5691cc8c");
script_set_attribute(attribute:"solution", value:
"Modify the affected CGI scripts so that they properly escape arguments,
especially XML tags and special characters (angle brackets and slashes).");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_cwe_id(
91, # XML Injection aka Blind XPath Injection
713, # OWASP Top 10 2007 A2
722, # OWASP Top 10 2004 A1
727, # OWASP Top 10 2004 A6
810, # OWASP Top Ten 2010 Category A1 - Injection
928, # Weaknesses in OWASP Top Ten 2013
929 # OWASP Top Ten 2013 Category A1 - Injection
);
script_set_attribute(attribute:"plugin_publication_date", value:"2010/04/30");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_end_attributes();
script_category(ACT_ATTACK);
script_copyright(english:"This script is Copyright (C) 2010-2024 Tenable Network Security, Inc.");
script_family(english: "CGI abuses");
script_dependencie("http_version.nasl", "webmirror.nasl", "web_app_test_settings.nasl", "torture_cgi_load_estimation1.nasl");
script_require_ports("Services/www", 80);
script_timeout(43200); # Timeout is managed by the script itself
script_require_keys("Settings/enable_web_app_tests");
exit(0);
}
#
# The script code starts here
#
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
include("torture_cgi.inc");
include("url_func.inc");
####
i = 0;
# There is a risk of FP with "<foo></ foo>" only: this may be deleted by
# the strip_tags() PHP function (protection against XSS)
poison_ok[i] = "<foo>bar</ foo>"; poison_ko[i++] = "</ foo>";
####
port = torture_cgi_init(vul:'ZI');
report = torture_cgis_yesno(port: port, vul: "ZI");
if (strlen(report) > 0)
{
security_warning(port:port, extra: report);
}
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
14 Jun 2024 00:00Current
5.7Medium risk
Vulners AI Score5.7