Vulnerabilities > CVE-2002-2055 - Cross-Site Scripting vulnerability in Teekai Tracking Online 1.0

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
teekai
nessus
exploit available
NVD
Published: 2002-12-31
Updated: 2016-10-18

Summary

Cross-site scripting (XSS) vulnerability in userlog.php in TeeKai Tracking Online 1.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter.

Vulnerable Configurations

Part Description Count
Application
Teekai
1

Exploit-Db

descriptionTeekai Tracking Online 1.0 Cross-Site Scripting Vulnerability. CVE-2002-2055. Webapps exploit for php platform
idEDB-ID:21509
last seen2016-02-02
modified2002-06-03
published2002-06-03
reporterfrog
sourcehttps://www.exploit-db.com/download/21509/
titleTeekai Tracking Online 1.0 - Cross-Site Scripting Vulnerability

Nessus

NASL familyCGI abuses : XSS
NASL idTEEKAI_TRACK_ONLINE_XSS.NASL
descriptionThe remote host runs Teekai Tracking Online, a PHP script used for tracking the number of users on a Web site. This version is vulnerable to cross-site scripting attacks. A remote attacker could exploit this by tricking a user into requesting a maliciously crafted URL, resulting in the execution of arbitrary code.
last seen2020-06-01
modified2020-06-02
plugin id15707
published2004-11-13
reporterThis script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/15707
titleTeeKai Tracking Online XSS
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(15707);
  script_version("1.18");

  script_cve_id("CVE-2002-2055");
  script_bugtraq_id(4924);
  
  script_name(english:"TeeKai Tracking Online XSS");

  script_set_attribute(
    attribute:"synopsis",
    value:
"A web applicaton on the remote host has a cross-site scripting
vulnerability."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The remote host runs Teekai Tracking Online, a PHP script used
for tracking the number of users on a Web site.  This version is
vulnerable to cross-site scripting attacks.  A remote attacker could
exploit this by tricking a user into requesting a maliciously crafted
URL, resulting in the execution of arbitrary code."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://seclists.org/vuln-dev/2002/Jun/30"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Upgrade to the latest version of this software."
  );
 script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
 script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
 script_set_attribute(attribute:"exploit_available", value:"false");
 script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);

 script_set_attribute(attribute:"plugin_publication_date", value: "2004/11/13");
 script_cvs_date("Date: 2018/11/15 20:50:20");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_end_attributes();
 
  script_summary(english:"Checks XSS in TeeKai Tracking Online");
  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.");
  script_family(english:"CGI abuses : XSS");
  script_dependencies("cross_site_scripting.nasl");
  script_require_ports("Services/www");
  script_exclude_keys("Settings/disable_cgi_scanning");
  script_require_keys("www/PHP");
  exit(0);
}

include("global_settings.inc");
include("misc_func.inc");
include("http.inc");

port = get_http_port(default:80);
if(!can_host_php(port:port))exit(0);
if ( get_kb_item("www/" + port + "/generic_xss" ) ) exit(0);

if(get_port_state(port))
{
 url = "/page.php?action=view&id=1<script>foo</script>";
 r = http_send_recv3(method:"GET", port:port, item:url);
 if(isnull(r)) exit(1, "The web server on port "+port+" failed to respond.");
 if(
  "<script>foo</script>" >< r[2] &&
  egrep(pattern:"^HTTP/1\.[01] +200 ", string:r[2])
 )
 {
  security_warning(port);
  set_kb_item(name: 'www/'+port+'/XSS', value: TRUE);
  exit(0);
 }
}

References