CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
EPSS
Percentile
91.3%
The remote host is running Justice Guestbook.
This set of CGI has two vulnerabilities :
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# Ref:
# From: "euronymous" <[email protected]>
# To: [email protected], [email protected]
# Subject: Justice Guestbook 1.3 vulnerabilities
include('deprecated_nasl_level.inc');
include('compat.inc');
if(description)
{
script_id(11501);
script_version("1.22");
script_cve_id("CVE-2003-1534", "CVE-2003-1535");
script_bugtraq_id(7233, 7234);
script_name(english:"Justice Guestbook 1.3 Multiple Vulnerabilities");
script_set_attribute(attribute:"synopsis", value:
"The remote web server is hosting a PHP script that is affected by
multiple vulnerabilities." );
script_set_attribute(attribute:"description", value:
"The remote host is running Justice Guestbook.
This set of CGI has two vulnerabilities :
- It is vulnerable to cross-site scripting attacks
(in jgb.php3).
- If the user requests the file cfooter.php3, he will
obtain the physical path of the remote CGI.
An attacker may use these flaws to steal the cookies of your users
or to gain better knowledge about this host." );
script_set_attribute(attribute:"see_also", value:
"http://securityreason.com/securityalert/3347");
script_set_attribute(attribute:"solution", value:
"There is no known solution at this time." );
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:U/RC:ND");
script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
script_set_attribute(attribute:"exploit_available", value:"true");
script_cwe_id(79, 200);
script_set_attribute(attribute:"plugin_publication_date", value: "2003/03/30");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_end_attributes();
script_summary(english:"Checks for the presence of cfooter.php3");
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2003-2021 Tenable Network Security, Inc.");
script_family(english:"CGI abuses");
script_dependencie("http_version.nasl");
script_require_ports("Services/www", 80);
script_exclude_keys("Settings/disable_cgi_scanning");
script_require_keys("www/PHP");
exit(0);
}
#
# The script code starts here
#
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
port = get_http_port(default:80);
if(!can_host_php(port:port)) exit(0);
gdir = make_list(cgi_dirs());
dirs = make_list("", "/guestbook");
foreach d (gdir)
{
dirs = make_list(dirs, string(d, "/guestbook"), d);
}
foreach dir (dirs)
{
r = http_send_recv3(method: "GET", item:string(dir, "/cfooter.php3"), port:port);
if (isnull(r)) exit(0);
if(egrep(pattern:"getsets().*cfooter\.php3", string:r[2]))
{
security_warning(port);
set_kb_item(name: 'www/'+port+'/XSS', value: TRUE);
exit(0);
}
}