MySQL Eventum Multiple flaws

🗓️ 03 Nov 2005 00:00:00 | Reported by: Copyright (C) 2005 David Maciejak | Type: openvas | 🔗 plugins.openvas.org

The remote host is running MySQL Eventum, a user-friendly and flexible issue tracking system written in PHP, and is vulnerable to cross-site scripting attacks through multiple scripts. With a specially crafted URL, an attacker can use the remote server to perform an attack against third-party users of the remote service in order to steal their credentials.

Reference (securityfocus): www.securityfocus.com/bid/12133
# SPDX-FileCopyrightText: 2005 David Maciejak
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

#  Ref: Sullo

# Registration block: when the scanner loads the plugin with "description" set,
# only the metadata below is registered and the script exits (see exit(0) at
# the end of the block) before any request is sent to a target.
if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.16093");
  script_version("2023-12-13T05:05:23+0000");
  script_tag(name:"last_modification", value:"2023-12-13 05:05:23 +0000 (Wed, 13 Dec 2023)");
  script_tag(name:"creation_date", value:"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/12133");
  # CVSS v2 score and vector as registered: network-reachable, medium access
  # complexity, no authentication, partial integrity impact only. Note that the
  # summary below names credential theft as the attacker's goal while the
  # vector records no confidentiality impact (C:N).
  script_tag(name:"cvss_base", value:"4.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_name("MySQL Eventum Multiple flaws");
  # ACT_ATTACK: the check sends a crafted request to the target rather than
  # inferring the flaw from a version banner.
  script_category(ACT_ATTACK);
  script_family("Web application abuses");
  script_copyright("Copyright (C) 2005 David Maciejak");
  # Plugins that must run first. Presumably they fill the knowledge base that
  # the check code reads through http_cgi_dirs(), http_can_host_php() and
  # http_get_has_generic_xss() -- confirm against the include files.
  script_dependencies("find_service.nasl", "no404.nasl", "webmirror.nasl", "DDI_Directory_Scanner.nasl", "gb_php_http_detect.nasl", "cross_site_scripting.nasl", "global_settings.nasl");
  script_require_ports("Services/www", 80);
  # The plugin is not launched when CGI scanning is disabled in the scan settings.
  script_exclude_keys("Settings/disable_cgi_scanning");

  # No fix is referenced here, so a finding has to be handled by upgrading,
  # disabling the affected feature, or removing/replacing the product.
  script_tag(name:"solution", value:"No known solution was made available for at least one year since the disclosure
  of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release,
  disable respective features, remove the product or replace the product by another one.");

  script_tag(name:"summary", value:"The remote host seems to be running MySQL Eventum, a user-friendly
  and flexible issue tracking system written in PHP.

  The remote version of this software is vulnerable to cross-site scripting
  attacks, through multiple scripts.

  With a specially crafted URL, an attacker can use the remote server to
  perform an attack against third party users of the remote service, in order
  to steal their credentials.");

  # WillNotFix matches the solution text above (no vendor fix expected).
  # qod_type "remote_vul" marks the result as coming from an active remote
  # check whose response shows the flaw, not from a version comparison.
  script_tag(name:"solution_type", value:"WillNotFix");
  script_tag(name:"qod_type", value:"remote_vul");

  exit(0);
}

include("http_func.inc");
include("http_keepalive.inc");
include("port_service_func.inc");
include("list_array_func.inc");

# Active check: request the Eventum login page with a harmless script marker in
# the "email" parameter and report the host if the marker comes back unescaped.

port = http_get_port( default:80 );

# Eventum is written in PHP, so there is nothing to test on a server that
# cannot host PHP.
if( ! http_can_host_php( port:port ) )
  exit( 0 );

host = http_host_name( dont_add_port:TRUE );

# Skip servers already flagged as reflecting markup generically (presumably by
# cross_site_scripting.nasl, a declared dependency): there the marker would be
# echoed regardless of Eventum and the finding would be a false positive.
if( http_get_has_generic_xss( port:port, host:host ) )
  exit( 0 );

# Both strings must be present in the same response: the Eventum login title
# identifies the product, the verbatim marker shows the parameter value was
# written into the page without HTML encoding.
login_title = "<title>Login - Eventum</title>";
reflected_marker = "<script>foo</script>";

# Web root plus every CGI directory known for this port.
candidate_dirs = make_list_unique( "/", http_cgi_dirs( port:port ) );

foreach install_dir( candidate_dirs ) {

  # Avoid a double slash when the application sits in the web root.
  if( install_dir == "/" )
    install_dir = "";

  probe_url = install_dir + "/index.php?err=3&email=<script>foo</script>";

  # NOTE(review): check_header:TRUE is expected to restrict matches to
  # successful (HTTP 200) responses -- confirm in http_keepalive.inc.
  reflected = http_vuln_check( port:port, url:probe_url, pattern:login_title, extra_check:reflected_marker, check_header:TRUE );

  if( reflected ) {
    # Report the first affected URL and stop; one hit is enough for the finding.
    vuln_report = http_report_vuln_url( port:port, url:probe_url );
    security_message( port:port, data:vuln_report );
    exit( 0 );
  }
}

# No directory reflected the marker: report the host as not affected.
exit( 99 );
