Vulnerabilities > CVE-2003-1238 - Cross-Site Scripting vulnerability in Nuked-Klan
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
NONE Summary
Cross-site scripting vulnerability (XSS) in Nuked-Klan 1.3 beta and earlier allows remote attackers to steal authentication information via cookies by injecting arbitrary HTML or script into op of the (1) Team, (2) News, and (3) Liens modules.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 4 |
Exploit-Db
| description | Nuked-Klan 1.3 Multiple Cross Site Scripting Vulnerabilities. CVE-2003-1238. Webapps exploit for php platform |
| id | EDB-ID:22276 |
| last seen | 2016-02-02 |
| modified | 2003-02-23 |
| published | 2003-02-23 |
| reporter | gregory Le Bras |
| source | https://www.exploit-db.com/download/22276/ |
| title | Nuked-Klan 1.3 - Multiple Cross-Site Scripting Vulnerabilities |
Nessus
NASL family CGI abuses NASL id NUKED_CLAN_CMD_EXEC.NASL description It is possible to execute arbitrary PHP code on the remote host using a flaw in the last seen 2020-06-01 modified 2020-06-02 plugin id 11282 published 2003-02-28 reporter This script is Copyright (C) 2003-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/11282 title Nuked-Klan 1.2b Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # # Ref: # Message-ID: <[email protected]> # From: "Gregory" Le Bras <[email protected]> # To: [email protected] # Subject: [SCSA-006] XSS & Function # # We don't check for all the listed BIDs since no patch has # ever been made (ie: vulnerable to one => vulnerable to all) include("compat.inc"); if(description) { script_id(11282); script_version ("1.33"); script_cve_id("CVE-2003-1238", "CVE-2003-1370", "CVE-2003-1371"); script_bugtraq_id(6697, 6699, 6700, 6916, 6917); script_name(english:"Nuked-Klan 1.2b Multiple Vulnerabilities"); script_set_attribute(attribute:"synopsis", value: "The remote web server contains a PHP application that is affected by multiple vulnerabilities." ); script_set_attribute(attribute:"description", value: "It is possible to execute arbitrary PHP code on the remote host using a flaw in the 'Nuked Klan' package. An attacker may leverage this flaw to leak information about the remote system or even execute arbitrary commands. In addition to this problem, this service is vulnerable to various cross-site scripting attacks." ); script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2003/Mar/265" ); script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2003/Mar/278" ); script_set_attribute(attribute:"solution", value: "Contact the author for a patch." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:ND"); script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(79); script_set_attribute(attribute:"plugin_publication_date", value: "2003/02/28"); script_cvs_date("Date: 2018/11/15 20:50:18"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_end_attributes(); script_summary(english:"Executes phpinfo()"); script_category(ACT_ATTACK); script_copyright(english:"This script is Copyright (C) 2003-2018 Tenable Network Security, Inc."); script_family(english:"CGI abuses"); script_dependencie("http_version.nasl"); script_require_ports("Services/www", 80); script_exclude_keys("Settings/disable_cgi_scanning"); script_require_keys("www/PHP"); exit(0); } # # The script code starts here # include("global_settings.inc"); include("misc_func.inc"); include("http.inc"); port = get_http_port(default:80, embedded: 0, php: 1); function check(loc, module) { local_var url, w, r, report; if (! loc && report_paranoia < 2) return; # Might generate a FP url = strcat(loc, "/index.php?file=", module, "&op=phpinfo"); w = http_send_recv3(method:"GET", item: url, port:port, exit_on_fail: 1); r = strcat(w[0], w[1], '\r\n', w[2]); if("allow_call_time_pass_reference" >< r){ report = string( "A vulnerable instance of Nuke Clan can be found at the following URL :\n", "\n", " ", build_url(port:port, qs:url), "\n" ); security_warning(port:port, extra:report); set_kb_item(name: 'www/'+port+'/XSS', value: TRUE); exit(0); } } dirs = list_uniq(make_list("/nuked-clan", "/clan-nic", "/klan", "/clan", cgi_dirs())); foreach dir (dirs) { check(loc:dir, module:"News"); #check(loc:dir, module:"Team"); #check(loc:dir, module:"Lien"); }NASL family CGI abuses NASL id NUKED_KLAN_XSS.NASL description The instance of Nuked-klan running on the remote web server is affected by multiple vulnerabilities due to a failure to sanitize user-supplied input to several parameters before using them in the last seen 2020-06-01 modified 2020-06-02 plugin id 11447 published 2003-03-23 reporter This script is Copyright (C) 2003-2018 k-otik.com source https://www.tenable.com/plugins/nessus/11447 title Nuked-Klan index.php Multiple Module Vulnerabilities code # # This test was rewritten by Tenable Network Security, Inc. # # Message-ID: <[email protected]> # From: Ertan Kurt <mailto:[email protected]> # To: <[email protected]> # Subject: Some XSS vulns # # Changes by Tenable: # - Revised plugin title (3/27/2009) # - Changed family (5/21/2009) # - Added response request and output in report. Modernized the descriptive text. (7/2016) include("compat.inc"); if (description) { script_id(11447); script_version("1.40"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/12"); script_cve_id("CVE-2003-1238", "CVE-2003-1371"); script_bugtraq_id(6916, 6917); script_xref(name:"EDB-ID", value:"22276"); script_name(english:"Nuked-Klan index.php Multiple Module Vulnerabilities"); script_summary(english:"Determine if Nuked-klan is vulnerable to an XSS attack."); script_set_attribute(attribute:"synopsis", value: "The remote web server contains a PHP application that is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The instance of Nuked-klan running on the remote web server is affected by multiple vulnerabilities due to a failure to sanitize user-supplied input to several parameters before using them in the 'Team', 'News', and 'Liens' modules to display dynamic HTML. An unauthenticated, remote attacker can exploit these issues to execute arbitrary script code in a user's browser session. Additionally, an information disclosure vulnerability exists that allows a remote attacker to disclose the physical path of the directory in which the application is installed; however, Nessus did not test for this."); script_set_attribute(attribute:"see_also", value:"https://seclists.org/fulldisclosure/2003/Feb/319"); script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2003/Mar/265"); script_set_attribute(attribute:"solution", value:"Contact the author for a patch."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:U/RC:ND"); script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(79); script_set_attribute(attribute:"vuln_publication_date", value:"2003/03/18"); script_set_attribute(attribute:"plugin_publication_date", value:"2003/03/23"); script_set_attribute(attribute:"potential_vulnerability", value:"true"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:nuked-klan:nuked-klan"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"CGI abuses"); script_copyright(english:"This script is Copyright (C) 2003-2020 k-otik.com"); script_dependencie("http_version.nasl", "cross_site_scripting.nasl"); script_exclude_keys("Settings/disable_cgi_scanning"); script_require_keys("www/PHP"); script_require_ports("Services/www", 80); exit(0); } include("audit.inc"); include("global_settings.inc"); include("http_func.inc"); include("http_keepalive.inc"); port = get_http_port(default:80, embedded:TRUE); if (get_kb_item("www/"+port+"/generic_xss")) exit(0, "The web server on port "+port+" is vulnerable to XSS."); xss_pat = "<script>window.alert('test');</script>"; foreach d (cgi_dirs()) { url = d + "/index.php?file=Liens&op=" + raw_string(0x22) + "><script>window.alert('test');</script>"; req = http_get(item:url, port:port); buf = http_keepalive_send_recv(port:port, data:req, bodyonly:FALSE); if( buf == NULL ) exit(0, "An empty response was received from the web server on port", port); if(ereg(pattern:"^HTTP/[0-9]\.[0-9] +200 .*", string:buf) && xss_pat >< buf) { output = strstr(buf, xss_pat); if (isnull(output)) output = buf; security_report_v4( port : port, severity : SECURITY_WARNING, generic : TRUE, request : make_list(build_url(qs:url, port:port)), output : output, xss : TRUE ); exit(0); } } exit(0, "The web server on port "+port+" is not affected.");