Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2005 Noam RathausOPENVAS:136141256231016388
HistoryNov 03, 2005 - 12:00 a.m.

Credit Card Data Disclosure in CitrusDB

2005-11-0300:00:00
Copyright (C) 2005 Noam Rathaus
plugins.openvas.org
24

6.6 Medium

AI Score

Confidence

Low

0.055 Low

EPSS

Percentile

93.2%

JSON

CitrusDB uses a textfile to temporarily store credit card information.

This textfile is located in the web tree via a static URL and thus accessible to third parties.
It also isn

# SPDX-FileCopyrightText: 2005 Noam Rathaus
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.16388");
  script_version("2023-08-01T13:29:10+0000");
  script_tag(name:"last_modification", value:"2023-08-01 13:29:10 +0000 (Tue, 01 Aug 2023)");
  script_tag(name:"creation_date", value:"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/12402");
  script_cve_id("CVE-2005-0229");
  script_tag(name:"cvss_base", value:"5.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:N/A:N");
  script_name("Credit Card Data Disclosure in CitrusDB");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2005 Noam Rathaus");
  script_family("Web application abuses");
  script_dependencies("find_service.nasl", "no404.nasl", "webmirror.nasl", "DDI_Directory_Scanner.nasl", "global_settings.nasl");
  script_require_ports("Services/www", 80);
  script_exclude_keys("Settings/disable_cgi_scanning");

  script_tag(name:"solution", value:"Update to CitrusDB version 0.3.6 or higher and set the
  option '$path_to_ccfile' in the configuration to a path not accessible via HTTP.

  Workaround : Either deny access to the file using access restriction
  features of the remote webserver or change CitrusDB to use a file
  outside the document root and not accessible via HTTP.");

  script_tag(name:"summary", value:"CitrusDB uses a textfile to temporarily store credit card information.

  This textfile is located in the web tree via a static URL and thus accessible to third parties.
  It also isn't deleted after processing resulting in a big window of opportunity for an attacker.");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"remote_app");

  exit(0);
}

include("http_func.inc");
include("http_keepalive.inc");
include("port_service_func.inc");
include("list_array_func.inc");

port = http_get_port(default:80);

foreach dir (make_list_unique("/io", http_cgi_dirs(port:port))) {

  if(dir == "/")
    dir = "";

  url = dir + "/newfile.txt";
  req = http_get(item:url, port:port);
  r = http_keepalive_send_recv(port:port, data:req, bodyonly: TRUE);
  if(!r)
    continue;

  if('"CHARGE","' >< r) {
    report = http_report_vuln_url(port:port, url:url);
    security_message(port:port, data:report);
    exit(0);
  }
}

exit(99);

Related

securityvulns 2
cve 1
cvelist 1
securityvulns
securityvulns
[Full-Disclosure] Credit Card data disclosure in CitrusDB
2005-02-14 00:00:00
[Full-Disclosure] Advisory: Upload Authorization bypass in CitrusDB
2005-02-15 00:00:00
cve
cve
CVE-2005-0229
2005-04-27 04:00:00
cvelist
cvelist
CVE-2005-0229
2005-02-14 05:00:00

6.6 Medium

AI Score

Confidence

Low

0.055 Low

EPSS

Percentile

93.2%

JSON
Related for OPENVAS:136141256231016388
securityvulns2cve1cvelist1