Vulnerabilities > CVE-2003-0481 - Unspecified vulnerability in Gero Kohnert Tutos 1.1

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
gero-kohnert
nessus
exploit available
NVD
Published: 2003-08-07
Updated: 2024-11-20

Summary

Multiple cross-site scripting (XSS) vulnerabilities in TUTOS 1.1 allow remote attackers to insert arbitrary web script, as demonstrated using the msg parameter to file_select.php.

Vulnerable Configurations

Part Description Count
Application
Gero_Kohnert
1

Exploit-Db

descriptionTutos 1.1 File_Select.PHP Cross-Site Scripting Vulnerability. CVE-2003-0481. Webapps exploit for php platform
idEDB-ID:22818
last seen2016-02-02
modified2003-06-20
published2003-06-20
reporterFrançois SORIN
sourcehttps://www.exploit-db.com/download/22818/
titleTutos 1.1 File_Select.PHP Cross-Site Scripting Vulnerability

Nessus

NASL familyCGI abuses
NASL idTUTOS_SQL_XSS.NASL
descriptionThe remote host is running Tutos, an open source team organization software package written in PHP. The remote version of this software is vulnerable to multiple input validation flaws that could allow an authenticated user to perform a cross-site scripting attack or a SQL injection against the remote service.
last seen2020-06-01
modified2020-06-02
plugin id14784
published2004-09-21
reporterThis script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/14784
titleTUTOS < 1.2 Multiple Input Validation Vulnerabilities
code
#
# (C) Tenable Network Security, Inc.
#


include("compat.inc");

if(description)
{
 script_id(14784);
 script_version("1.21");

 script_cve_id("CVE-2003-0481", "CVE-2004-2161", "CVE-2004-2162");
 script_bugtraq_id(8011, 8012, 11221);

 script_name(english:"TUTOS < 1.2 Multiple Input Validation Vulnerabilities");
 
 script_set_attribute(attribute:"synopsis", value:
"The remote host has a PHP script that is affected by multiple
vulnerabilities." );
 script_set_attribute(attribute:"description", value:
"The remote host is running Tutos, an open source team 
organization software package written in PHP.

The remote version of this software is vulnerable to multiple 
input validation flaws that could allow an authenticated user to 
perform a cross-site scripting attack or a SQL injection against 
the remote service." );
 script_set_attribute(attribute:"solution", value:
"Upgrade to Tutos-1.2 or newer." );
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
 script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
 script_set_attribute(attribute:"exploit_available", value:"false");
 script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);

 script_set_attribute(attribute:"plugin_publication_date", value: "2004/09/21");
 script_set_attribute(attribute:"vuln_publication_date", value: "2003/06/23");
 script_cvs_date("Date: 2018/08/01 17:36:12");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value: "cpe:/a:tutos:tutos");
script_end_attributes();

 
 script_summary(english:"Checks the version of Tutos");
 
 script_category(ACT_GATHER_INFO);
 
 script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.");
 script_family(english:"CGI abuses");
 script_dependencie("find_service1.nasl", "http_version.nasl");
 script_require_ports("Services/www", 80);
 script_exclude_keys("Settings/disable_cgi_scanning");
 script_require_keys("www/PHP");
 exit(0);
}

# Check starts here

include("global_settings.inc");
include("misc_func.inc");
include("http.inc");

port = get_http_port(default:80);

if ( ! can_host_php(port:port) ) exit(0,"The remote web server does not support PHP.");

foreach dir (make_list( cgi_dirs() )) 
 {
   res = http_send_recv3(method:"GET", item:dir + "/php/mytutos.php", port:port);
   if (isnull(res)) exit(0,"Null response to mytutos.php request.");
  if ( '"GENERATOR" content="TUTOS' >< res[2] &&
       egrep(pattern:".*GENERATOR.*TUTOS (0\..*|1\.[01]\.)", string:res[2]) )
	{
	 security_hole(port);
	 set_kb_item(name: 'www/'+port+'/XSS', value: TRUE);
	 set_kb_item(name: 'www/'+port+'/SQLInjection', value: TRUE);
	 exit(0);
	}
 }

References