Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2011 Greenbone AGOPENVAS:1361412562310801990
HistoryOct 20, 2011 - 12:00 a.m.

Eclime Multiple SQL Injection and Cross-site Scripting Vulnerabilities

2011-10-2000:00:00
Copyright (C) 2011 Greenbone AG
plugins.openvas.org
7

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7 High

AI Score

Confidence

Low

0.021 Low

EPSS

Percentile

89.2%

JSON

Eclime is prone to multiple cross site scripting and SQL injection vulnerabilities.

# SPDX-FileCopyrightText: 2011 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.801990");
  script_version("2023-12-13T05:05:23+0000");
  script_tag(name:"last_modification", value:"2023-12-13 05:05:23 +0000 (Wed, 13 Dec 2023)");
  script_tag(name:"creation_date", value:"2011-10-20 08:43:23 +0200 (Thu, 20 Oct 2011)");
  script_cve_id("CVE-2010-4851", "CVE-2010-4852");
  script_tag(name:"cvss_base", value:"7.5");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_name("Eclime Multiple SQL Injection and Cross-site Scripting Vulnerabilities");
  script_category(ACT_ATTACK);
  script_copyright("Copyright (C) 2011 Greenbone AG");
  script_family("Web application abuses");
  script_dependencies("find_service.nasl", "no404.nasl", "webmirror.nasl", "DDI_Directory_Scanner.nasl", "gb_php_http_detect.nasl", "global_settings.nasl");
  script_require_ports("Services/www", 80);
  script_exclude_keys("Settings/disable_cgi_scanning");

  script_xref(name:"URL", value:"http://www.exploit-db.com/exploits/15644/");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/45124");
  script_xref(name:"URL", value:"http://securityreason.com/securityalert/8399");
  script_xref(name:"URL", value:"https://www.htbridge.ch/advisory/sql_injection_in_eclime.html");
  script_xref(name:"URL", value:"https://www.htbridge.ch/advisory/sql_injection_in_eclime_1.html");
  script_xref(name:"URL", value:"https://www.htbridge.ch/advisory/sql_injection_in_eclime_2.html");

  script_tag(name:"impact", value:"Successful exploitation will let attackers to execute arbitrary
  script code or to compromise the application, access or modify data, or exploit
  latent vulnerabilities in the underlying database.");

  script_tag(name:"affected", value:"Eclime version 1.1.2b");

  script_tag(name:"insight", value:"Multiple flaws are due to an:

  - Input passed via the parameters 'ref', ' poll_id' in 'index.php' and the
  parameter 'country' in 'create_account.php' script is not properly
  sanitised before being used in SQL queries.

  - Input passed via the parameter 'login' in 'login.php' script is not
  sanitized allowing the attacker to execute HTML code.");

  script_tag(name:"solution", value:"No known solution was made available for at least one year
  since the disclosure of this vulnerability. Likely none will be provided anymore.
  General solution options are to upgrade to a newer release, disable respective
  features, remove the product or replace the product by another one.");

  script_tag(name:"summary", value:"Eclime is prone to multiple cross site scripting and SQL injection vulnerabilities.");

  script_tag(name:"qod_type", value:"remote_analysis");

  script_tag(name:"solution_type", value:"WillNotFix");
  exit(0);
}

include("http_func.inc");
include("http_keepalive.inc");
include("port_service_func.inc");
include("list_array_func.inc");

port = http_get_port( default:80 );
if( ! http_can_host_php( port:port ) ) exit( 0 );

foreach dir( make_list_unique( "/eclime", "/eclime/catalog", "/", http_cgi_dirs( port:port ) ) ) {

  if( dir == "/" ) dir = "";
  res = http_get_cache( item:dir + "/index.php", port:port );

  if( ">eclime</" >< res && '> e-commerce software.<' >< res ) {

    url = dir + '/login.php?login=fail&reason=<script>alert(document.cookie);</script>';
    if( http_vuln_check( port:port, url:url, pattern:"<script>alert\(document\.cookie\);</script>", check_header:TRUE ) ) {
      report = http_report_vuln_url( port:port, url:url );
      security_message( port:port, data:report );
      exit( 0 );
    }

    url = dir + "/?ref='";
    if( http_vuln_check( port:port, url:url, pattern:"You have an error in your SQL syntax;" ) ) {
      report = http_report_vuln_url( port:port, url:url );
      security_message( port:port, data:report );
      exit( 0 );
    }
  }
}

exit( 99 );

Related

openvas 1
htbridge 1
cve 2
nessus 1
prion 2
cvelist 2
nvd 2
openvas
openvas
Eclime Multiple SQL Injection and Cross-site Scripting Vulnerabilities
2011-10-20 00:00:00
htbridge
htbridge
Multiple Vulnerabilities in Eclime
2010-11-16 00:00:00
cve
cve
CVE-2010-4851
2011-09-27 10:55:05
CVE-2010-4852
2011-09-27 10:55:05
nessus
nessus
eclime index.php ref Parameter SQL Injection
2010-12-13 00:00:00
prion
prion
Sql injection
2011-09-27 10:55:00
Cross site scripting
2011-09-27 10:55:00
cvelist
cvelist
CVE-2010-4851
2011-09-27 10:00:00
CVE-2010-4852
2011-09-27 10:00:00
nvd
nvd
CVE-2010-4851
2011-09-27 10:55:05
CVE-2010-4852
2011-09-27 10:55:05

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7 High

AI Score

Confidence

Low

0.021 Low

EPSS

Percentile

89.2%

JSON
Related for OPENVAS:1361412562310801990
openvas1htbridge1cve2nessus1prion2cvelist2nvd2