Dig htsearch

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

htdig

nessus

NVD

Published: 2002-12-31

Updated: 2008-09-05

Summary

Cross-site scripting (XSS) vulnerability in htsearch.cgi in htdig (ht://Dig) 3.1.5, 3.1.6, and 3.2 allows remote attackers to inject arbitrary web script or HTML via the words parameter.

Vulnerable Configurations

Part	Description	Count
Application	Htdig Htdig Htdig 3.1.5 Htdig Htdig 3.1.6 Htdig Htdig 3.2.0 Htdig Htdig 3.2.0B3	4

Nessus

NASL family	CGI abuses : XSS
NASL id	HTDIG_XSS.NASL
description	The
last seen	2020-06-01
modified	2020-06-02
plugin id	15706
published	2004-11-13
reporter	This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/15706
title	ht://Dig htsearch.cgi words Parameter XSS
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(15706); script_version("1.22"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/12"); script_cve_id("CVE-2002-2010"); script_bugtraq_id(5091); script_name(english:"ht://Dig htsearch.cgi words Parameter XSS"); script_summary(english:"Checks if ht://Dig is vulnerable to XSS flaw in htsearch.cgi"); script_set_attribute(attribute:"synopsis", value: "The remote contains a search engine that is affected by a cross-site scripting vulnerability."); script_set_attribute(attribute:"description", value: "The 'htsearch' CGI, which is part of the ht://Dig package, is vulnerable to cross-site scripting attacks, through the 'words' variable. With a specially crafted URL, an attacker can cause arbitrary code execution resulting in a loss of integrity."); script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2002/Jun/327"); script_set_attribute(attribute:"solution", value:"There is no known solution at this time."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:U/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990); script_set_attribute(attribute:"vuln_publication_date", value:"2002/06/26"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/11/13"); script_set_attribute(attribute:"potential_vulnerability", value:"true"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2020 Tenable Network Security, Inc."); script_family(english:"CGI abuses : XSS"); script_dependencie("cross_site_scripting.nasl"); script_exclude_keys("Settings/disable_cgi_scanning"); script_require_keys("Settings/ParanoidReport"); script_require_ports("Services/www", 80); exit(0); } include("audit.inc"); include("global_settings.inc"); include("http_func.inc"); include("http_keepalive.inc"); if (report_paranoia < 2) audit(AUDIT_PARANOID); port = get_http_port(default:80, embedded:TRUE); if ( ! port ) exit(0); if ( get_kb_item("www/" + port + "/generic_xss") ) exit(0); if(get_port_state(port)) { foreach dir (cgi_dirs()) { buf = http_get(item:string(dir,"/htsearch.cgi?words=%22%3E%3Cscript%3Efoo%3C%2Fscript%3E"), port:port); r = http_keepalive_send_recv(port:port, data:buf, bodyonly:1); if( r == NULL )exit(0); if(egrep(pattern:"<script>foo</script>", string:r)) { security_warning(port); set_kb_item(name: 'www/'+port+'/XSS', value: TRUE); exit(0); } } }

Summary

Vulnerable Configurations

Nessus

References