Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasThis script is Copyright (C) 2004 Edgeos, Inc.OPENVAS:12198
HistoryNov 03, 2005 - 12:00 a.m.

Ultimate PHP Board Information Leak

2005-11-0300:00:00
This script is Copyright (C) 2004 Edgeos, Inc.
plugins.openvas.org
17

0.004 Low

EPSS

Percentile

73.7%

JSON

The remote host is running Ultimate PHP Board (UPB).

There is a flaw in this version which may allow an attacker to view
private message board information.

# OpenVAS Vulnerability Test
# $Id: upb_info_leak.nasl 5780 2017-03-30 07:37:12Z cfi $
# Description: Ultimate PHP Board Information Leak
#
# Authors:
# Erik Stephens <[email protected]>
#
# Copyright:
# Copyright (C) 2004 Edgeos, Inc.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#

tag_summary = "The remote host is running Ultimate PHP Board (UPB).

There is a flaw in this version which may allow an attacker to view
private message board information.";

tag_solution = "Upgrade to the latest version (http://www.myupb.com)";

if(description)
{
  script_id(12198);
  script_version("$Revision: 5780 $");
  script_tag(name:"last_modification", value:"$Date: 2017-03-30 09:37:12 +0200 (Thu, 30 Mar 2017) $");
  script_tag(name:"creation_date", value:"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)");
  script_tag(name:"cvss_base", value:"5.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:N/A:N");
  script_cve_id("CVE-2002-2276");
  script_bugtraq_id(6333);
  script_xref(name:"OSVDB", value:"4928");
  script_name("Ultimate PHP Board Information Leak");
  script_category(ACT_GATHER_INFO);
  script_tag(name:"qod_type", value:"remote_analysis");
  script_copyright("This script is Copyright (C) 2004 Edgeos, Inc.");
  script_family("Web application abuses");
  script_dependencies("find_service.nasl", "http_version.nasl");
  script_require_ports("Services/www", 80);
  script_exclude_keys("Settings/disable_cgi_scanning");
  script_tag(name : "solution" , value : tag_solution);
  script_tag(name : "summary" , value : tag_summary);
  exit(0);
}

include("http_func.inc");
include("http_keepalive.inc");

port = get_http_port(default:80);
if(!can_host_php(port:port)) exit(0);

foreach dir( make_list_unique( "/upb", "/board", cgi_dirs( port:port ) ) ) {

  if( dir == "/" ) dir = "";
  url = string(dir, "/db/users.dat");
  req = http_get(item:url, port:port);
  res = http_keepalive_send_recv(port:port, data:req);
  if (res == NULL) continue;

  if(egrep(pattern:"^Admin<~>", string:res)) {
    report = report_vuln_url( port:port, url:url );
    security_message( port:port, data:report );
    exit( 0 );
  }
}

exit( 99 );

References

Related

nvd 1
nessus 1
openvas 1
cve 1
cvelist 1
nvd
nvd
CVE-2002-2276
2002-12-31 05:00:00
nessus
nessus
Ultimate PHP Board add.php Direct Request Information Disclosure
2004-04-05 00:00:00
openvas
openvas
Ultimate PHP Board Information Leak
2005-11-03 00:00:00
cve
cve
CVE-2002-2276
2007-10-18 10:00:00
cvelist
cvelist
CVE-2002-2276
2007-10-18 10:00:00

0.004 Low

EPSS

Percentile

73.7%

JSON
Related for OPENVAS:12198
nvd1nessus1openvas1cve1cvelist1