Mambo Site Server 4.0.10 XSS

Mambo Site Server 4.0.10 XSS vulnerability allows attackers to perform cross site scripting attacks and execute malicious code on the hos

Reporter	Title	Published	Views	Family All 6
CVE	CVE-2003-1203	19 May 200504:00	–	cve
Cvelist	CVE-2003-1203	19 May 200504:00	–	cvelist
EUVD	EUVD-2003-1193	7 Oct 202500:30	–	euvd
Tenable Nessus	Mambo Site Server 4.0.10 XSS	22 Mar 200300:00	–	nessus
NVD	CVE-2003-1203	18 Mar 200305:00	–	nvd
OpenVAS	Mambo Site Server 4.0.10 XSS Vulnerability - Active Check	3 Nov 200500:00	–	openvas

# OpenVAS Vulnerability Test
# $Id: mambo_xss.nasl 9087 2018-03-12 17:24:24Z cfischer $
# Description: Mambo Site Server 4.0.10 XSS
#
# Authors:
# K-Otik.com <[email protected]>
# Updated: 04/07/2009
# Antu Sanadi <[email protected]>
#
# Copyright:
# Copyright (C) 2003 k-otik.com
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#

tag_summary = "An attacker may use the installed version of Mambo Site Server to
  perform a cross site scripting attack on this host.";

tag_solution = "Upgrade to a newer version.";

#  Message-ID: <[email protected]>
#  From: Ertan Kurt <[email protected]>
#  To: <[email protected]>
#  Subject: Some XSS vulns </archive/1/315554/2003-03-19/2003-03-25/1>

if(description)
{
  script_id(11441);
  script_version("$Revision: 9087 $");
  script_tag(name:"last_modification", value:"$Date: 2018-03-12 18:24:24 +0100 (Mon, 12 Mar 2018) $");
  script_tag(name:"creation_date", value:"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)");
  script_cve_id("CVE-2003-1203");
  script_bugtraq_id(7135);
  script_tag(name:"cvss_base", value:"4.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_name("Mambo Site Server 4.0.10 XSS");

  script_category(ACT_ATTACK);
  script_tag(name:"qod_type", value:"remote_vul");
  script_family("Web application abuses");
  script_copyright("This script is Copyright (C) 2003 k-otik.com");
  script_dependencies("mambo_detect.nasl", "cross_site_scripting.nasl");
  script_require_ports("Services/www", 80);
  script_tag(name : "solution" , value : tag_solution);
  script_tag(name : "summary" , value : tag_summary);
  exit(0);
}



include("http_func.inc");
include("http_keepalive.inc");

port = get_http_port(default:80);

if(!get_port_state(port)){
  exit(0);
}

version=get_kb_item(string("www/", port, "/mambo_mos"));
if(!version){
   exit(0);
}

matches = eregmatch(string:version, pattern:"^(.+) under (/.*)$");
if(!imatches){
  exit(0);
}

dir = matches[2];
url = string(dir, "/index.php?option=search&searchword=<script>alert(document.cookie);</script>");
req = http_get(item:url, port:port);
resp = http_keepalive_send_recv(port:port, data:req);
if(!resp){
  exit(0);
}

if(resp =~ "HTTP/1\.. 200" && "<script>alert(document.cookie);</script>" >< resp)
  security_message(port);

12 Mar 2018 00:00Current

6Medium risk

Vulners AI Score6

EPSS0.00524