Vulnerabilities > CVE-2002-0923 - Unspecified vulnerability in Cgiscript.Net Csnews 1.0/1.0Professional

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
cgiscript-net
nessus
exploit available

Summary

CGIScript.net csNews.cgi allows remote authenticated users to read arbitrary files, and possibly gain privileges, via the (1) pheader or (2) pfooter parameters in the "Advanced Settings" capability.

Vulnerable Configurations

Part Description Count
Application
Cgiscript.Net
2

Exploit-Db

description: CGIScript.net csNews 1.0 Header File Type Restriction Bypass Vulnerability. CVE-2002-0923. Webapps exploit for cgi platform
id: EDB-ID:21533
last seen: 2016-02-02
modified: 2002-06-11
published: 2002-06-11
reporter: Steve Gustin
source: https://www.exploit-db.com/download/21533/
title: CGIScript.net csNews 1.0 Header File Type Restriction Bypass Vulnerability

Nessus

NASL family: CGI abuses
NASL id: CSNEWS.NASL
description: The CSNews.cgi exists on this web server. Some versions of this file are vulnerable to remote exploit. An attacker can submit a specially crafted web form, which can display the 'setup.cgi' file that contains the superuser name and password.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 11726
published: 2003-06-11
reporter: This script is Copyright (C) 2003-2018 John Lampe
source: https://www.tenable.com/plugins/nessus/11726
title: CGIScript.net csNews.cgi Advanced Settings Multiple Parameter Arbitrary File Retrieval
code
#
# This script was written by John [email protected]
#
# See the Nessus Scripts License for details
#

# Changes by Tenable:
# - Revised plugin title (4/15/009)

include("compat.inc");

# Metadata registration: when the engine loads the plugin with `description`
# set, this block only declares identifiers, report text, scoring and
# scheduling requirements, then exits without touching the target.
if (description)
{
 script_id(11726);
 script_version("1.25");
 script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/12");

 # Advisory references this finding is mapped to.
 script_cve_id("CVE-2002-0923");
 script_bugtraq_id(4994);

 script_name(english:"CGIScript.net csNews.cgi Advanced Settings Multiple Parameter Arbitrary File Retrieval");
 # The summary states the real scope of the check: presence of the CGI file,
 # not a demonstration of the file-retrieval flaw named in the title.
 script_summary(english:"Checks for the csnews.cgi file");

 script_set_attribute(attribute:"synopsis", value:
"The remote web server is hosting a CGI application that is affected by
an information disclosure vulnerability.");
 # Impact as worded by the plugin: disclosure of 'setup.cgi', which holds the
 # application's superuser name and password.
 script_set_attribute(attribute:"description", value:
"The CSNews.cgi exists on this web server. Some versions of this file
are vulnerable to remote exploit. An attacker can submit a specially
crafted web form, which can display the 'setup.cgi' file that contains
the superuser name and password.");
 script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2002/Jun/97");
 # No fix is recorded by the plugin. NOTE(review): a responder would have to
 # fall back on compensating controls (removing the CGI, restricting access
 # to it) - confirm current vendor status before reporting this as final.
 script_set_attribute(attribute:"solution", value:"There is no known solution at this time.");
 # NOTE(review): Au:N scores the issue as needing no authentication, whereas
 # the CVE-2002-0923 summary describes "remote authenticated users" - confirm
 # which applies before relying on this base score for prioritisation.
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
 script_set_cvss_temporal_vector("CVSS2#E:F/RL:U/RC:ND");
 script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"true");

 script_set_attribute(attribute:"vuln_publication_date", value:"2002/06/11");
 script_set_attribute(attribute:"plugin_publication_date", value:"2003/06/11");

 # Marked as a potential (unconfirmed) finding; presumably because only the
 # file's existence is tested - treat a hit as a lead to verify, not as proof.
 script_set_attribute(attribute:"potential_vulnerability", value:"true");
 script_set_attribute(attribute:"plugin_type", value:"remote");
 script_end_attributes();

 # Declared as an information-gathering check.
 script_category(ACT_GATHER_INFO);
 script_copyright(english:"This script is Copyright (C) 2003-2020 John Lampe");
 script_family(english:"CGI abuses");

 # Scheduling constraints: depends on http_version.nasl, is excluded when the
 # "Settings/disable_cgi_scanning" key is set, and requires the
 # "Settings/ParanoidReport" key, so it is not scheduled in a default scan.
 script_dependencie("http_version.nasl");
 script_exclude_keys("Settings/disable_cgi_scanning");
 script_require_keys("Settings/ParanoidReport");
 script_require_ports("Services/www", 80);

 exit(0);
}

include("audit.inc");
include("http_func.inc");
include("http_keepalive.inc");
include("global_settings.inc");

# Detection logic. The only evidence gathered is whether a file named
# csNews.cgi is present in one of the known CGI directories; the pheader and
# pfooter parameters are never exercised, so a hit means "application
# present", not "flaw confirmed". That is why the check is limited to
# paranoid reporting.
if (report_paranoia < 2)
  audit(AUDIT_PARANOID);

port = get_http_port(default:80, embedded:TRUE);
if (!get_port_state(port))
  exit(0);

# Banner gate: stop unless a banner was returned and it contains the literal
# below (">!<" tests that the left string is NOT a substring of the right).
# NOTE(review): IIS normally identifies itself as "Microsoft-IIS/<version>",
# with a hyphen; the literal here has a slash after "Microsoft". If that is
# not intentional, this gate exits on ordinary banners and the plugin never
# reports - confirm before trusting a clean result from this check.
banner = get_http_banner(port:port);
if (!banner)
  exit(0);
if ("Server: Microsoft/IIS" >!< banner)
  exit(0);

# Probe each known CGI directory and report on the first one that serves the
# file. The report carries no extra text, so it does not say which directory
# matched.
foreach dir (cgi_dirs())
{
  cgi_path = string(dir, "/csNews.cgi");
  if (is_cgi_installed_ka(item:cgi_path, port:port))
  {
    security_hole(port);
    exit(0);
  }
}