Vulnerabilities > CVE-2004-0237

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
aprox-portal
nessus
exploit available

Summary

Directory traversal vulnerability in index.php in Aprox PHP Portal allows remote attackers to read arbitrary files via a full pathname in the show parameter.

Vulnerable Configurations

Part Description Count
Application
Aprox_Portal
1

Exploit-Db

description: Aprox Portal 3.0 File Disclosure Vulnerability. CVE-2004-0237. Webapps exploit for php platform
id: EDB-ID:23630
last seen: 2016-02-02
modified: 2004-01-31
published: 2004-01-31
reporter: Zero X
source: https://www.exploit-db.com/download/23630/
title: Aprox Portal 3.0 File Disclosure Vulnerability

Nessus

NASL family: CGI abuses
NASL id: APROX_PORTAL_FILE_DISCLOSURE.NASL
description: The remote host is running Aprox Portal - a PHP-based content management system. There is a bug in this software that may allow an attacker to read arbitrary files on the remote web server with the privileges of the web user. In addition, this software is reportedly vulnerable to a local file inclusion attack. However, Nessus has not checked for this.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 12031
published: 2004-02-02
reporter: This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/12031
title: Aprox PHP Portal index.php Arbitrary File View
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

# Registration block: when `description` is set, the plugin only records the
# metadata below and exits at the end of the block; no request is sent to a
# target from here.
if(description)
{
 # Plugin identity and the external advisory identifiers it maps to.
 script_id(12031);
 script_cve_id("CVE-2004-0237");
 script_bugtraq_id(9540);
 script_version ("1.21");
 
 script_name(english:"Aprox PHP Portal index.php Arbitrary File View");
 script_summary(english:"Checks Aprox Portal");
 
 # Text shown in the scan report.
 script_set_attribute(attribute:"synopsis", value:
"The remote host is running a PHP application that is affected by a
file disclosure vulnerability." );
 # The description states that only the file disclosure is tested; the local
 # file inclusion issue it mentions is NOT covered by this plugin, so a clean
 # result says nothing about that second issue.
 script_set_attribute(attribute:"description", value:
"The remote host is running Aprox Portal - a PHP-based content
management system.

There is a bug in this software that may allow an attacker to read
arbitrary files on the remote web server with the privileges of the
web user.

In addition, this software is reportedly vulnerable to a local file
inclusion attack.  However, Nessus has not checked for this." );
 script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2004/Feb/38" );
 # The fixed release is given as "reportedly"; confirm remediation by
 # re-running this check after the upgrade rather than trusting the version.
 script_set_attribute(attribute:"solution", value:
"Upgrading to Aprox Portal 4.00.08 or newer reportedly fixes the issue." );
 # CVSS v2 base vector: network reachable, low complexity, no authentication,
 # partial confidentiality impact, no integrity or availability impact
 # (i.e. a read-only information disclosure).
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
 # CVSS v2 temporal vector: exploitability high, remediation level
 # unavailable, report confidence not defined.
 # NOTE(review): RL:U (no remediation available) does not match the solution
 # attribute above, which names a fixed release -- confirm which is current.
 script_set_cvss_temporal_vector("CVSS2#E:H/RL:U/RC:ND");
 # Recorded as needing no dedicated exploit code, which raises triage priority
 # for any internet-facing instance.
 script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
 script_set_attribute(attribute:"exploit_available", value:"true");
 script_set_attribute(attribute:"plugin_publication_date", value: "2004/02/02");
 script_set_attribute(attribute:"vuln_publication_date", value: "2004/01/31");
 script_cvs_date("Date: 2018/11/15 20:50:16");
 # "remote": the finding is derived from network responses, not from
 # credentials or local package data.
 script_set_attribute(attribute:"plugin_type", value:"remote");
 script_end_attributes();
 
 # Scheduling category for this check (information gathering).
 script_category(ACT_GATHER_INFO);
 
 script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.");
 script_family(english:"CGI abuses");
 # Plugins this one depends on; judging by their names they provide service
 # discovery and HTTP version detection.
 script_dependencie("find_service1.nasl", "http_version.nasl");
 # Only relevant where a web service was identified or port 80 is in scope.
 script_require_ports("Services/www", 80);
 # Skipped when this key is set, so a scan policy with CGI scanning disabled
 # will never report this issue.
 script_exclude_keys("Settings/disable_cgi_scanning");
 exit(0);
}

#
# The script code starts here
#
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");

# Detection logic: for every CGI directory known to the scan, request
# index.php with the `show` parameter set to an absolute path and report the
# port if the reply contains what looks like a passwd entry for root.
#
# Coverage notes for whoever interprets the result:
#  - Only a Unix path is requested, so a host without /etc/passwd (for
#    example a Windows web server) cannot be flagged by this check.
#  - A missing reply ends the whole check, leaving any remaining directories
#    unprobed; "not reported" is therefore not proof that the host is clean.
#  - The finding is raised without attaching the matched response, so confirm
#    it from the web server side, e.g. by reviewing access logs for index.php
#    requests whose `show` value is an absolute path.
port = get_http_port(default:80);

foreach dir (cgi_dirs())
{
 probe_url = string(dir,"/index.php?show=/etc/passwd");
 res = http_send_recv3(method:"GET", item:probe_url, port:port);

 # No reply at all: stop here instead of trying the other directories.
 if (isnull(res)) exit(0);

 # Join the three parts of the reply into one string so a single pattern
 # match covers all of them.
 response = strcat(res[0], res[1], '\r\n', res[2]);

 # Nothing resembling a root account line (uid 0, gid 0 or 1): next directory.
 if (!egrep(pattern:".*root:.*:0:[01]:.*", string:response)) continue;

 # File contents were returned: report once for this port and finish.
 security_warning(port);
 exit(0);
}