chipmunk_forum_xss.nasl

来自「漏洞扫描源码,可以扫描linux,windows,交换机路由器」· NASL 代码 · 共 81 行

#
# Script Written By Ferdy Riphagen
# <f(dot)riphagen(at)nsec(dot)nl>
#
# This script is released under the GNU GPLv2
#

if (description) {
script_id(200004);
script_version("$Revision: 1.0 $");

script_bugtraq_id(15149);

name["english"] = "Chipmunk Forum <= 1.3 Cross-Site Scripting Vulnerability";

script_name(english:name["english"]);

desc["english"] = "
Synopsis :

The remote host contains a PHP script that is vulnerable to cross-site
scripting attacks.

Description :

The remote host appears to be running Chipmunk Forum.

A vulnerability was identified in Chipmunk Forum version 1.3 and prior, which may be exploited by
remote attackers to execute script code by the user's browser.

See also :

http://www.frsirt.com/english/advisories/2005/2172

Solution :

Unknown at this time.

Risk factor :

Low";
script_description(english:desc["english"]);

summary["english"] = "Check if Chipmunk is vulnerable to cross-site scripting attacks.";
script_summary(english:summary["english"]);

script_category(ACT_GATHER_INFO);
script_family(english:"CGI abuses : XSS");

script_copyright(english:"This script is Copyright (C) 2005 Ferdy Riphagen");

script_dependencie("http_version.nasl");
script_require_ports("Services/www", 80);

exit(0);
}

include("http_func.inc");
include("http_keepalive.inc");
include("global_settings.inc");
include("url_func.inc");

port = get_http_port(default:80);
if (!get_port_state(port)) exit(0);
if (!can_host_php(port:port)) exit(0);
if (get_kb_item("www/", port, "/generic_xss")) exit(0);

xss = "'</a><IFRAME SRC=javascript:alert(%27XSS%20DETECTED%20BY%20NESSUS%27)></IFRAME>";
exss = urlencode(str:xss);

#if (thorough_tests) dirs = make_list("/board", "/forum", "/", cgi_dirs());
#else dirs = make_list(cgi_dirs());

dirs = make_list("/chipmunk");

foreach dir (dirs)
{
 res = http_get_cache(item:string(dir, "/index.php"), port:port);
 if (res == NULL) exit(0);

 if (egrep(pattern:">Powered by