Lucene search
This script is Copyright (C) 2003-2021 John LampeUPLOADSKRIP.NASLHistoryJun 17, 2003 - 12:00 a.m.
AspUpload Test11.asp Arbitrary File Upload
2003-06-1700:00:00
This script is Copyright (C) 2003-2021 John Lampe
www.tenable.com
23
CVSS2
6.4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
EPSS
0.004
Percentile
73.7%
At least one example script distributed with AspUpload appears to be installed on the remote web server. AspUpload is an ASP script that supports saving and processing files uploading through other web scripts, and the example script likely contains a flaw that allows an attacker to upload arbitrary files and store them anywhere on the affected drive.
#%NASL_MIN_LEVEL 70300
#
# This script was written by John [email protected]
#
# See the Nessus Scripts License for details
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if(description)
{
script_id(11746);
script_version("1.23");
script_cve_id("CVE-2001-0938");
script_bugtraq_id(3608);
script_name(english:"AspUpload Test11.asp Arbitrary File Upload");
script_set_attribute(attribute:"synopsis", value:
"The remote web server contains an ASP script that may allow uploading
of arbitrary files." );
script_set_attribute(attribute:"description", value:
"At least one example script distributed with AspUpload appears to be
installed on the remote web server. AspUpload is an ASP script that
supports saving and processing files uploading through other web
scripts, and the example script likely contains a flaw that allows an
attacker to upload arbitrary files and store them anywhere on the
affected drive." );
script_set_attribute(attribute:"see_also", value:"https://marc.info/?l=bugtraq&m=100715294425985&w=2" );
script_set_attribute(attribute:"solution", value:
"Unknown at this time." );
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"plugin_publication_date", value: "2003/06/17");
script_set_attribute(attribute:"vuln_publication_date", value: "2001/11/30");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_end_attributes();
summary["english"] = "Checks for the AspUpload software";
script_summary(english:summary["english"]);
script_category(ACT_ATTACK);
script_copyright(english:"This script is Copyright (C) 2003-2021 John Lampe");
script_family(english:"CGI abuses");
script_dependencie("http_version.nasl", "find_service1.nasl", "no404.nasl");
script_require_ports("Services/www", 80);
script_exclude_keys("Settings/disable_cgi_scanning");
script_require_keys("www/ASP");
exit(0);
}
#
# The script code starts here
#
include("http_func.inc");
include("http_keepalive.inc");
port = get_http_port(default:80, embedded:TRUE);
if(!get_port_state(port))exit(0);
if(!can_host_asp(port:port))exit(0);
foreach dir (cgi_dirs())
{
req = http_get(item:dir + "/Test11.asp", port:port);
res = http_keepalive_send_recv(port:port, data:req, bodyonly:TRUE);
if( res == NULL ) exit(0);
if ("UploadScript11.asp" >< r)
{
security_hole(port);
exit(0);
}
}
Related
openvas
openvas
AspUpload vulnerability
2005-11-03 00:00:00
AspUpload vulnerability
2005-11-03 00:00:00
cvelist
cvelist
CVE-2001-0938
2002-02-02 05:00:00
cve
cve
CVE-2001-0938
2002-02-02 05:00:00
nvd
nvd
CVE-2001-0938
2001-11-30 05:00:00
CVSS2
6.4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
EPSS
0.004
Percentile
73.7%
Related for UPLOADSKRIP.NASL