Lucene search
This script is Copyright (C) 2005-2022 Tenable Network Security, Inc.WEBCALENDAR_SQL2.NASLHistoryFeb 18, 2005 - 12:00 a.m.
WebCalendar login.php webcalendar_session Cookie SQL Injection
2005-02-1800:00:00
This script is Copyright (C) 2005-2022 Tenable Network Security, Inc.
www.tenable.com
26
The remote version of WebCalendar contains a SQL injection vulnerability that may allow an attacker to execute arbitrary SQL statements against the remote database. An attacker may be able to leverage this issue to, for example, delete arbitrary database tables.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(17142);
script_version("1.21");
script_set_attribute(attribute:"plugin_modification_date", value:"2022/06/01");
script_cve_id("CVE-2005-0474");
script_bugtraq_id(12581);
script_name(english:"WebCalendar login.php webcalendar_session Cookie SQL Injection");
script_set_attribute(attribute:"synopsis", value:
"The remote web server has a PHP script that is affected by a SQL
injection flaw.");
script_set_attribute(attribute:"description", value:
"The remote version of WebCalendar contains a SQL injection
vulnerability that may allow an attacker to execute arbitrary SQL
statements against the remote database. An attacker may be able to
leverage this issue to, for example, delete arbitrary database tables.");
script_set_attribute(attribute:"see_also", value:"http://scovettalabs.com/wp-content/uploads/2008/02/scl-2005001.txt");
script_set_attribute(attribute:"see_also", value:"https://marc.info/?l=bugtraq&m=110868446431706&w=2");
script_set_attribute(attribute:"solution", value:
"Upgrade to WebCalendar 0.9.5 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L");
script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2005/02/17");
script_set_attribute(attribute:"plugin_publication_date", value:"2005/02/18");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"thorough_tests", value:"true");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CGI abuses");
script_copyright(english:"This script is Copyright (C) 2005-2022 Tenable Network Security, Inc.");
script_dependencies("webcalendar_detect.nasl");
script_require_keys("www/webcalendar");
script_exclude_keys("Settings/disable_cgi_scanning");
script_require_ports("Services/www", 80);
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
port = get_http_port(default:80, php:TRUE);
# Test an install.
install = get_kb_item("www/" +port+ "/webcalendar");
if (isnull(install)) audit(AUDIT_WEB_APP_NOT_INST, "WebCalendar", port);
matches = eregmatch(string:install, pattern:"^(.+) under (/.*)$");
if (!isnull(matches)) {
dir = matches[2];
set_http_cookie(name: "webcalendar_session", value: "7d825292854146");
r = http_send_recv3(method: "GET", item:dir + "/views.php", port:port, exit_on_fail:TRUE);
if ( "<!--begin_error(dbierror)-->" >< r[2] )
{
set_kb_item(name: 'www/'+port+'/SQLInjection', value: TRUE);
security_hole(port);
}
}
else audit(AUDIT_WEB_SERVER_NOT_AFFECTED, port);
Related for WEBCALENDAR_SQL2.NASL