Vulnerabilities > CVE-2004-2776 - Unspecified vulnerability in Goscript Project Goscript 2.0

047910
CVSS 9.8 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
goscript-project
critical
nessus

Summary

go.cgi in GoScript 2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) query string or (2) artarchive parameter.

Vulnerable Configurations

Part Description Count
Application
Goscript_Project
1

Nessus

NASL family: CGI abuses
NASL id: GOSCRIPT_COMMAND_EXEC.NASL
description: The remote host is running GoScript. The installed version fails to properly sanitize user-supplied input to the 'go.cgi' script. An unauthenticated, remote attacker could exploit this flaw to execute arbitrary commands on the remote host.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 14237
published: 2004-08-09
reporter: This script is Copyright (C) 2004-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/14237
title: GoScript go.cgi Arbitrary Command Execution
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

# Registration block: when the scanner loads the plugin with `description`
# set, only the metadata below is recorded and the script exits (exit(0) at
# the end of the block) before any of the network code further down runs.
if (description)
{
  # Plugin identity and revision bookkeeping.
  script_id(14237);
  script_version("1.26");
  script_cvs_date("Date: 2018/11/28 22:47:41");

  # External identifiers that findings from this plugin are mapped to.
  script_cve_id("CVE-2004-2776");
  script_bugtraq_id(10853);

  script_name(english:"GoScript go.cgi Arbitrary Command Execution");
  script_summary(english:"Goscript command execution detection");

  # Report text shown to the analyst (synopsis, description, reference).
  script_set_attribute(attribute:"synopsis", value:
"The remote host contains a CGI script that is affected by a remote
command execution vulnerability.");
  script_set_attribute(attribute:"description", value:
"The remote host is running GoScript.  The installed version fails to
properly sanitize user-supplied input to the 'go.cgi' script.  An
unauthenticated, remote attacker could exploit this flaw to execute
arbitrary commands on the remote host.");
  script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2004/Aug/38");
  # NOTE(review): no vendor fix is recorded here, so remediation in practice
  # means removing go.cgi or restricting access to it.
  script_set_attribute(attribute:"solution", value:"There is no known solution at this time.");
  # CVSS v2 base vector: network-reachable, low complexity, no authentication,
  # partial confidentiality/integrity/availability impact.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  # CVSS v2 temporal vector: exploitability unproven, remediation unavailable,
  # report confidence not defined.
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:U/RC:ND");
  # NOTE(review): these two fields describe public exploit availability only;
  # the check in this plugin itself runs a command on the target, so they
  # should not be read as lowering the risk of a positive finding.
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2004/08/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/08/09");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_end_attributes();

  # ACT_ATTACK: the plugin sends an active probe rather than inferring the
  # issue from banners, so it belongs in scans where that is authorised.
  script_category(ACT_ATTACK);
  script_copyright(english:"This script is Copyright (C) 2004-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"CGI abuses");

  # Scheduling constraints: run after HTTP version detection, skip when CGI
  # scanning is disabled in the scan settings, and require a web service
  # (or port 80) on the target.
  script_dependencies("http_version.nasl");
  script_exclude_keys("Settings/disable_cgi_scanning");
  script_require_ports("Services/www", 80);

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");

# Select the HTTP port under test (default 80) and read the server banner.
port = get_http_port(default:80);
server_name = http_server_header(port:port);
# Monitorix ships its own web server without GoScript's go.cgi, so the probe
# is skipped there; `><` is NASL's substring test on the banner.
if ('Monitorix' >< server_name) exit(0, "The Monitorix install listening on port "+port+" is not affected as it does not include GoScript's go.cgi script.");

# Active check: requests go.cgi with `|id|` appended and treats a response
# that looks like `id` output (uid=<n> ... gid=<n>) as proof of command
# execution. The command is read-only, but it does run on the target.
# Presumably http_check_remote_code tries each known CGI directory and
# reports and exits on a match - confirm against the include that defines it.
# NOTE(review): only this request form is probed; nothing here sends the
# 'artarchive' parameter named in CVE-2004-2776, so a negative result does
# not by itself rule that vector out.
# Detection: the probe appears in web server access logs as a request for
# go.cgi containing pipe characters.
http_check_remote_code (
			check_request:"/go.cgi|id|",
			check_result:"uid=[0-9]+.*gid=[0-9]+.*",
			command:"id",
                        port:port
			);

# Reached only when the probe above did not report a finding: record the
# port as listening but not vulnerable.
audit(AUDIT_LISTEN_NOT_VULN, "HTTP Server", port);