Lucene search
This script is Copyright (C) 2005-2022 Tenable Network Security, Inc.TRAC_SQL_INJECTION.NASLHistoryDec 02, 2005 - 12:00 a.m.
Trac Ticket Query Module group Parameter SQL Injection
2005-12-0200:00:00
This script is Copyright (C) 2005-2022 Tenable Network Security, Inc.
www.tenable.com
13
The remote host is running Trac, an enhanced wiki and issue tracking system for software development projects written in Python.
The remote version of this software is prone to a SQL injection flaw through the ticket query module due to ‘group’ parameter is not properly sanitized.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(20252);
script_version("1.23");
script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/11");
script_cve_id("CVE-2005-3980");
script_bugtraq_id(15676);
script_name(english:"Trac Ticket Query Module group Parameter SQL Injection");
script_set_attribute(attribute:"synopsis", value:
"The remote web server contains a CGI script that is affected by a SQL
injection flaw.");
script_set_attribute(attribute:"description", value:
"The remote host is running Trac, an enhanced wiki and issue tracking
system for software development projects written in Python.
The remote version of this software is prone to a SQL injection flaw
through the ticket query module due to 'group' parameter is not
properly sanitized.");
script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/418294/30/0/threaded");
script_set_attribute(attribute:"see_also", value:"http://projects.edgewall.com/trac/wiki/ChangeLog");
script_set_attribute(attribute:"solution", value:
"Upgrade to Trac version 0.9.1 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2005/12/01");
script_set_attribute(attribute:"plugin_publication_date", value:"2005/12/02");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"thorough_tests", value:"true");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CGI abuses");
script_copyright(english:"This script is Copyright (C) 2005-2022 Tenable Network Security, Inc.");
script_dependencies("http_version.nasl");
script_exclude_keys("Settings/disable_cgi_scanning");
script_require_ports("Services/www");
exit(0);
}
include("global_settings.inc");
include("http_func.inc");
include("http_keepalive.inc");
include("misc_func.inc");
port = get_http_port(default:80, embedded:TRUE);
if (get_kb_item("Services/www/"+port+"/embedded")) exit(0);
# Loop through directories.
if (thorough_tests) dirs = list_uniq(make_list("/trac", cgi_dirs()));
else dirs = make_list(cgi_dirs());
foreach dir (dirs)
{
buf = http_get(item:string(dir,"/query?group=--"), port:port);
r = http_keepalive_send_recv(port:port, data:buf, bodyonly:1);
if( r == NULL )exit(0);
if("Trac detected an internal error" >< r && egrep(pattern:"<title>Oops - .* - Trac<", string:r))
{
security_hole(port);
set_kb_item(name: 'www/'+port+'/SQLInjection', value: TRUE);
exit(0);
}
}
Related
cve
cve
CVE-2005-3980
2005-12-04 11:03:00
cvelist
cvelist
CVE-2005-3980
2005-12-04 11:00:00
openvas
openvas
Edgewall Software Trac SQL injection flaw
2006-03-26 00:00:00
Edgewall Software Trac SQL injection flaw
2006-03-26 00:00:00
FreeBSD Ports: trac, ja-trac
2008-09-04 00:00:00
debiancve
debiancve
CVE-2005-3980
2005-12-04 11:03:00
nessus
nessus
freebsd
freebsd
Related for TRAC_SQL_INJECTION.NASL