Vulnerabilities > CVE-2004-1601 - Unspecified vulnerability in Coolphp web Portal 1.0Stable

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
coolphp
nessus
exploit available
NVD
Published: 2004-10-16
Updated: 2024-11-20

Summary

Directory traversal vulnerability in index.php in CoolPHP 1.0-stable allows remote attackers to access arbitrary files and execute local PHP scripts via a .. (dot dot) in the op parameter.

Vulnerable Configurations

Part Description Count
Application
Coolphp
1

Exploit-Db

descriptionCoolPHP 1.0 Multiple Remote Input Validation Vulnerabilities. CVE-2004-1601. Webapps exploit for php platform
idEDB-ID:24685
last seen2016-02-02
modified2004-10-16
published2004-10-16
reporterR00tCr4ck
sourcehttps://www.exploit-db.com/download/24685/
titleCoolPHP 1.0 - Multiple Remote Input Validation Vulnerabilities

Nessus

NASL familyCGI abuses
NASL idCOOLPHP_XSS.NASL
descriptionThe remote host is running the CoolPHP Content Management system. There are various flaws in the remote version of this software which may allow an attacker to read arbitrary files on the remote host or to set up a cross-site scripting attack.
last seen2020-06-01
modified2020-06-02
plugin id15506
published2004-10-18
reporterThis script is Copyright (C) 2004-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/15506
titleCoolPHP 1.0 Multiple Vulnerabilities
code
#
# (C) Tenable Network Security, Inc.
#


include("compat.inc");

if(description)
{
 script_id(15506);
 script_version ("1.22");
 script_cve_id("CVE-2004-1599", "CVE-2004-1601");
 script_bugtraq_id(11437);

 script_name(english:"CoolPHP 1.0 Multiple Vulnerabilities");

 script_set_attribute(attribute:"synopsis", value:
"The remote web server is running an application that is vulnerable to
multiple flaws." );
 script_set_attribute(attribute:"description", value:
"The remote host is running the CoolPHP Content Management system.

There are various flaws in the remote version of this software which
may allow an attacker to read arbitrary files on the remote host or to
set up a cross-site scripting attack." );
 script_set_attribute(attribute:"solution", value:
"None at this time." );
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
 script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
 script_set_attribute(attribute:"exploit_available", value:"false");
 script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);

 script_set_attribute(attribute:"plugin_publication_date", value: "2004/10/18");
 script_set_attribute(attribute:"vuln_publication_date", value: "2004/10/16");
 script_cvs_date("Date: 2018/08/22 16:49:13");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_end_attributes();

 script_summary(english:"Checks for CoolPHP");
 script_category(ACT_ATTACK);
 script_copyright(english:"This script is Copyright (C) 2004-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
 script_family(english: "CGI abuses");
 script_dependencie("http_version.nasl", "cross_site_scripting.nasl");
 script_require_ports("Services/www", 80);
 script_exclude_keys("Settings/disable_cgi_scanning");
 script_require_keys("Settings/ParanoidReport", "www/PHP");
 exit(0);
}

# The script code starts here
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");

port = get_http_port(default:80);

if(!get_port_state(port))exit(0);
if(get_kb_item(string("www/", port, "/generic_xss"))) exit(0);
if(!can_host_php(port:port))exit(0);

test_cgi_xss(port: port, cgi: '/index.php', 
 qs: "op=userinfo&nick=<script>foo</script>", 
 pass_str: "<script>foo</script>");

References