Lucene search
+L

PowerPortal Path Dislcosure

🗓️ 03 Nov 2005 00:00:00Reported by Copyright (C) 2004 Noam RathausType 
openvas
 openvas
🔗 plugins.openvas.org👁 18 Views

The remote host is using PowerPortal, a content management system, written in PHP. A vulnerability exists in the remote version of this product which may allow a remote attacker to cause the product to disclose the path it is installed under. An attacker may use this flaw to gain more knowledge about the setup of the remote host, and therefore prepare better attacks

Related
Refs
Code
ReporterTitlePublishedViews
Family
CVE
CVE-2004-0662
13 Jul 200404:00
cve
CVE
CVE-2004-0664
13 Jul 200404:00
cve
Cvelist
CVE-2004-0662
13 Jul 200404:00
cvelist
Cvelist
CVE-2004-0664
13 Jul 200404:00
cvelist
EUVD
EUVD-2004-0661
7 Oct 202500:30
euvd
EUVD
EUVD-2004-0663
7 Oct 202500:30
euvd
NVD
CVE-2004-0662
6 Aug 200404:00
nvd
NVD
CVE-2004-0664
6 Aug 200404:00
nvd
SourceLink
securityfocuswww.securityfocus.com/bid/10622
# SPDX-FileCopyrightText: 2004 Noam Rathaus
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

# From: "DarkBicho" <[email protected]>
# Subject: Multiple vulnerabilities PowerPortal
# Date: 28.6.2004 03:42

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.12292");
  script_version("2023-12-13T05:05:23+0000");
  script_tag(name:"last_modification", value:"2023-12-13 05:05:23 +0000 (Wed, 13 Dec 2023)");
  script_tag(name:"creation_date", value:"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)");
  script_cve_id("CVE-2004-0662", "CVE-2004-0664");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/10622");
  script_tag(name:"cvss_base", value:"5.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:N/A:N");
  script_name("PowerPortal Path Dislcosure");
  script_category(ACT_ATTACK);
  script_copyright("Copyright (C) 2004 Noam Rathaus");
  script_family("Web application abuses");
  script_dependencies("find_service.nasl", "no404.nasl", "webmirror.nasl", "DDI_Directory_Scanner.nasl", "gb_php_http_detect.nasl", "global_settings.nasl");
  script_require_ports("Services/www", 80);
  script_exclude_keys("Settings/disable_cgi_scanning");

  script_tag(name:"solution_type", value:"VendorFix");

  script_tag(name:"solution", value:"Upgrade to the latest version of this software.");

  script_tag(name:"summary", value:"The remote host is using PowerPortal, a content management system,
  written in PHP.

  A vulnerability exists in the remote version of this product which may allow a remote attacker to
  cause the product to disclose the path it is installed under. An attacker may use this flaw to
  gain more knowledge about the setup of the remote host, and therefore prepare better attacks.");

  script_tag(name:"qod_type", value:"remote_analysis");

  exit(0);
}

include("http_func.inc");
include("http_keepalive.inc");
include("port_service_func.inc");
include("list_array_func.inc");

port = http_get_port( default:80 );
if( ! http_can_host_php( port:port ) ) exit( 0 );

foreach dir( make_list_unique( "/", http_cgi_dirs( port:port ) ) ) {

  if( dir == "/" ) dir = "";
  url = dir + "/modules.php?name=gallery&files=foobar";

  if( http_vuln_check( port:port, url:url, pattern:"Warning:", extra_check:make_array("opendir", "failed to open dir: No such file or directory in" ) ) ) {
    report = http_report_vuln_url( port:port, url:url );
    security_message( port:port, data:report );
    exit( 0 );
  }
}

exit( 99 );

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

13 Dec 2023 00:00Current
6.7Medium risk
Vulners AI Score6.7
CVSS 25
EPSS0.07266
18