Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2004-2021 and is owned by Tenable, Inc. or an Affiliate thereof.USEMODWIKI_XSS.NASL
HistoryDec 14, 2004 - 12:00 a.m.

UseModWiki wiki.pl XSS

2004-12-1400:00:00
This script is Copyright (C) 2004-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
25
JSON

The remote host is using UseModWiki, a wiki CGI written in Perl.

The CGI ‘wiki.pl’ is vulnerable to a cross-site-scripting issue that may allow attackers to steal the cookies of third parties.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#


include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
 script_id(15967);
 script_version("1.25");

 script_cve_id("CVE-2004-1397");
 script_bugtraq_id(11924);

 script_name(english:"UseModWiki wiki.pl XSS");

 script_set_attribute(attribute:"synopsis", value:
"The remote web server has a CGI script that is prone to cross-site
scripting attacks." );
 script_set_attribute(attribute:"description", value:
"The remote host is using UseModWiki, a wiki CGI written in Perl. 

The CGI 'wiki.pl' is vulnerable to a cross-site-scripting issue that
may allow attackers to steal the cookies of third parties." );
 script_set_attribute(attribute:"see_also", value:"http://marc.info/?l=bugtraq&m=110305173302388&w=2" );
 script_set_attribute(attribute:"solution", value:
"Unknown at this time." );
 script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
 script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
 script_set_attribute(attribute:"exploit_available", value:"false");
 script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);

 script_set_attribute(attribute:"plugin_publication_date", value: "2004/12/14");
 script_set_attribute(attribute:"vuln_publication_date", value: "2004/12/09");
 script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
 script_set_attribute(attribute:"patch_publication_date", value: "2007/07/09");
 script_set_attribute(attribute:"plugin_type", value:"remote");
 script_end_attributes();

 script_summary(english:"Determine if wiki.pl is vulnerable to xss attack");
 script_category(ACT_ATTACK);
 script_family(english:"CGI abuses : XSS");
 script_copyright(english:"This script is Copyright (C) 2004-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
 script_dependencie("http_version.nasl", "cross_site_scripting.nasl");
 script_require_ports("Services/www", 80);
 script_exclude_keys("Settings/disable_cgi_scanning");
 exit(0);
}

include("global_settings.inc");
include("misc_func.inc");
include("http.inc");

port = get_http_port(default:80, embedded: 0);

if ( get_kb_item("www/"+port+"/generic_xss") ) exit(0);

test_cgi_xss(dirs: cgi_dirs(), cgi: '/wiki.pl', qs: '<script>foo</script>',
 pass_str: '<H2>Invalid Page <script>foo<', port: port);

Related

ubuntucve 1
debiancve 1
cve 1
ubuntucve
ubuntucve
CVE-2004-1397
2004-12-31 00:00:00
debiancve
debiancve
CVE-2004-1397
2004-12-31 05:00:00
cve
cve
CVE-2004-1397
2004-12-31 05:00:00
JSON
Related for USEMODWIKI_XSS.NASL
ubuntucve1debiancve1cve1