
Discuz! <= 4.0.0 rc4 Arbitrary File Upload Flaw

2006-03-26 00:00:00
Copyright (C) 2005 David Maciejak


According to its version, the installation of Discuz! on the remote host
fails to properly check for multiple extensions in uploaded files.

# SPDX-FileCopyrightText: 2005 David Maciejak
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

# Registration branch: when the scanner evaluates the script with
# `description` set, only the metadata below is published and the
# script exits (exit(0) at the end of the block); no host contact happens here.
if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.19751");
  script_version("2023-12-13T05:05:23+0000");
  script_tag(name:"last_modification", value:"2023-12-13 05:05:23 +0000 (Wed, 13 Dec 2023)");
  script_tag(name:"creation_date", value:"2006-03-26 17:55:15 +0200 (Sun, 26 Mar 2006)");
  script_cve_id("CVE-2005-2614");
  # CVSS v2 base metrics as carried by the plugin itself.
  script_tag(name:"cvss_base", value:"7.5");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_name("Discuz! <= 4.0.0 rc4 Arbitrary File Upload Flaw");
  # ACT_GATHER_INFO: the detection below only fetches index.php and
  # inspects the served HTML; no upload or exploit attempt is made.
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2005 David Maciejak");
  script_family("Gain a shell remotely");
  # Service, 404-behaviour, directory and PHP discovery scripts that
  # presumably populate the KB entries read by http_cgi_dirs() and
  # http_can_host_php() further down — confirm against the includes.
  script_dependencies("find_service.nasl", "no404.nasl", "webmirror.nasl", "DDI_Directory_Scanner.nasl", "gb_php_http_detect.nasl", "global_settings.nasl");
  script_require_ports("Services/www", 80);
  script_exclude_keys("Settings/disable_cgi_scanning");

  script_xref(name:"URL", value:"http://archives.neohapsis.com/archives/fulldisclosure/2005-08/0440.html");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/14564");

  script_tag(name:"solution", value:"Upgrade to the latest version of this software.");

  script_tag(name:"summary", value:"According to its version, the installation of Discuz! on the remote host
  fails to properly check for multiple extensions in uploaded files.");

  script_tag(name:"impact", value:"An attacker may be able to exploit this issue to execute arbitrary commands
  on the remote host subject to the privileges of the web server user id, typically nobody.");

  # remote_banner: the verdict rests solely on the version string matched
  # in the page's <meta name="description"> tag, so false positives are
  # possible if that text is stale or customised by the site operator.
  script_tag(name:"qod_type", value:"remote_banner");
  script_tag(name:"solution_type", value:"VendorFix");

  exit(0);
}

include("http_func.inc");
include("http_keepalive.inc");
include("port_service_func.inc");
include("list_array_func.inc");

# Detection phase. This is a version-only (remote_banner) check: the script
# fetches index.php from each candidate directory and looks for the Discuz!
# title and the version string in the meta description. Nothing is uploaded
# and no exploit is attempted.
port = http_get_port( default:80 );
if( ! http_can_host_php( port:port ) )
  exit( 0 );

# Candidate install paths: the conventional "/discuz" plus whatever CGI
# directories the discovery dependencies recorded for this port.
foreach install_dir( make_list_unique( "/discuz", http_cgi_dirs( port:port ) ) ) {

  # The web root would otherwise yield "//index.php".
  if( install_dir == "/" )
    install_dir = "";

  url = install_dir + "/index.php";
  res = http_get_cache( item:url, port:port );
  if( ! res )
    continue;

  # Cheap substring test on the <title> first; the regex below runs only
  # when the page already claims to be Discuz!.
  if( ! ( "powered by Discuz!</title>" >< res ) )
    continue;

  # Affected: major versions 1-3 and 4.0.0 RC0-RC4. NOTE(review): the
  # pattern is not anchored after the version, so any major version whose
  # first digit is 1-3 would also match; the meta description is
  # operator-controlled text, so treat a hit as a version hint, not proof.
  if( ! egrep( pattern:'<meta name="description" content=.+Powered by Discuz! Board ([1-3]|4\\.0\\.0RC[0-4])', string:res ) )
    continue;

  report = http_report_vuln_url( port:port, url:url );
  security_message( port:port, data:report );
  exit( 0 );
}

# Nothing matched in any directory.
exit( 99 );
