CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
90.0%
The executables ‘redirect.exe’ and/or ‘changepw.exe’ exist on this web server. Some versions of these files are vulnerable to remote exploit.
An attacker can use this hole to gain access to confidential data or escalate their privileges on the web server.
*** As Nessus solely relied on the existence of the redirect.exe or*** changepw.exe files, this might be a false positive.
#%NASL_MIN_LEVEL 70300
#
# This script was written by John [email protected]
#
# See the Nessus Scripts License for details
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(11723);
script_version("1.27");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
script_cve_id("CVE-2000-0401");
script_bugtraq_id(1256);
script_name(english:"PDGSoft Shopping Cart Multiple Vulnerabilities");
script_summary(english:"Checks for PDGSoft Shopping cart executables");
script_set_attribute(attribute:"synopsis", value:
"The remote host is running an application that is affected by multiple
vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The executables 'redirect.exe' and/or 'changepw.exe' exist on this web
server. Some versions of these files are vulnerable to remote exploit.
An attacker can use this hole to gain access to confidential data or
escalate their privileges on the web server.
*** As Nessus solely relied on the existence of the redirect.exe or
*** changepw.exe files, this might be a false positive.");
script_set_attribute(attribute:"see_also", value:"https://marc.info/?l=bugtraq&m=95928319715983&w=2");
script_set_attribute(attribute:"solution", value:"The vendor has released a patch that addresses this issue.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2000/05/25");
script_set_attribute(attribute:"plugin_publication_date", value:"2003/06/11");
script_set_attribute(attribute:"potential_vulnerability", value:"true");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_end_attributes();
script_category(ACT_GATHER_INFO); # mixed
script_copyright(english:"This script is Copyright (C) 2003-2021 John Lampe");
script_family(english:"CGI abuses");
script_dependencie("http_version.nasl", "find_service1.nasl", "no404.nasl");
script_exclude_keys("Settings/disable_cgi_scanning");
script_require_keys("Settings/ParanoidReport");
script_require_ports("Services/www", 80);
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("http_func.inc");
include("http_keepalive.inc");
if (report_paranoia < 2) audit(AUDIT_PARANOID);
port = get_http_port(default:80, embedded:TRUE);
if(!get_port_state(port))exit(0);
if (get_kb_item("www/" + port + "/no404") ) exit(0);
flag = 0;
directory = "";
foreach dir (cgi_dirs()) {
if(is_cgi_installed_ka(item:string(dir, "/changepw.exe"), port:port)) {
flag = 1;
directory = dir;
break;
}
if(is_cgi_installed_ka(item:string(dir, "/redirect.exe"), port:port)) {
flag = 1;
directory = dir;
break;
}
}
if (flag) security_hole(port);