Vulnerabilities > CVE-2005-0265 - Cross-Site Scripting and SQL Injection vulnerability in OWL Intranet Engine 0.7/0.8

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
owl
nessus

Summary

Multiple SQL injection vulnerabilities in browse.php in OWL 0.7 and 0.8 allow remote attackers to execute arbitrary SQL commands via the (1) parent or (2) sortposted parameter.

Vulnerable Configurations

Part Description Count
Application
Owl
2

Nessus

NASL familyCGI abuses
NASL idOWL_MULTIPLE_FLAWS.NASL
descriptionThe remote host is using owl intranet engine, an open source file sharing utility written in php. The remote version of this software is vulnerable to various flaws, which may allow an attacker to execute arbitrary SQL statements against the remote database or to perform a cross site scripting attack against third-party users by using the remote server.
last seen2020-06-01
modified2020-06-02
plugin id16063
published2004-12-28
reporterThis script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/16063
titleOwl < 0.74.0 Multiple Vulnerabilities
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
 script_id(16063);
 script_version ("1.18");

 script_cve_id("CVE-2005-0264", "CVE-2005-0265");
 script_bugtraq_id(12114);

 script_name(english:"Owl < 0.74.0 Multiple Vulnerabilities");

 script_set_attribute(attribute:"synopsis", value:
"The remote host has an application that is affected by a SQL
injection vulnerability." );
 script_set_attribute(attribute:"description", value:
"The remote host is using owl intranet engine, an open source
file sharing utility written in php.

The remote version of this software is vulnerable to various
flaws, which may allow an attacker to execute arbitrary SQL
statements against the remote database or to perform a cross
site scripting attack against third-party users by using the
remote server." );
 script_set_attribute(attribute:"solution", value:
"Upgrade to Owl 0.74.0 or later." );
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
 script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
 script_set_attribute(attribute:"exploit_available", value:"false");
 script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);

 script_set_attribute(attribute:"plugin_publication_date", value: "2004/12/28");
 script_set_attribute(attribute:"vuln_publication_date", value: "2005/01/01");
 script_cvs_date("Date: 2018/07/24 18:56:10");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value: "cpe:/a:owl:owl_intranet_engine");
script_end_attributes();

 script_summary(english:"Determines owl is installed");
 script_category(ACT_GATHER_INFO);
 script_family(english:"CGI abuses");
 script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.");
 script_dependencie("http_version.nasl");
 script_require_ports("Services/www", 80);
 script_exclude_keys("Settings/disable_cgi_scanning");
 script_require_keys("www/PHP");
 exit(0);
}

include("global_settings.inc");
include("misc_func.inc");
include("http.inc");

port = get_http_port(default:80);
if(!can_host_php(port:port)) exit(0);


foreach d ( cgi_dirs() )
{
 w = http_send_recv3(method:"GET", item:d + "/browse.php", port:port);
 if (isnull(w)) exit(1, "The web server on port "+port+" did not answer");
 res = strcat(w[0], w[1], '\r\n', w[2]);
 line = egrep(pattern:"<TITLE>Owl Intranet Owl ", string:res);
 if ( line )
 {
  if ( ereg(pattern:".*Owl 0\.([0-6].*|7[0-3])</TITLE>", string:line) )
	{
	 security_hole(port);
	 set_kb_item(name: 'www/'+port+'/XSS', value: TRUE);
	 exit(0);
	}
 }
}