Vulnerabilities > CVE-2005-1172 - HTML Injection vulnerability in Coppermine Photo Gallery X-Forwarded-For Logging
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Cross-site scripting (XSS) vulnerability in init.inc.php in Coppermine Photo Gallery 1.3.x allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For parameter.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 7 |
Nessus
NASL family CGI abuses : XSS NASL id COPPERMINE_GALLERY_X_FORWARDED_FOR.NASL description According to its version number, the version of Coppermine Photo Gallery installed on the remote host is affected by a cross-site scripting vulnerability when logging user comments. A user with access to the comments module can exploit this flaw using a specially crafted last seen 2020-06-01 modified 2020-06-02 plugin id 18083 published 2005-04-18 reporter This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/18083 title Coppermine Photo Gallery init.inc.php X-Forwarded-For XSS code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(18083); script_version("1.18"); script_cve_id("CVE-2005-1172"); script_bugtraq_id(13218); script_name(english:"Coppermine Photo Gallery init.inc.php X-Forwarded-For XSS"); script_set_attribute(attribute:"synopsis", value: "The remote web server contains a PHP application that is vulnerable to a cross-site scripting attack." ); script_set_attribute(attribute:"description", value: "According to its version number, the version of Coppermine Photo Gallery installed on the remote host is affected by a cross-site scripting vulnerability when logging user comments. A user with access to the comments module can exploit this flaw using a specially crafted 'X-Forwarded-For' header to steal an admin's cookie when he views the application logs or to launch other types of cross- site scripting attacks against the affected application." ); script_set_attribute(attribute:"see_also", value:"http://www.securityfocus.com/archive/1/396080" ); script_set_attribute(attribute:"see_also", value:"http://forum.coppermine-gallery.net/index.php?topic=17134" ); script_set_attribute(attribute:"solution", value: "Upgrade to Coppermine Photo Gallery version 1.3.3 or later." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990); script_set_attribute(attribute:"plugin_publication_date", value: "2005/04/18"); script_set_attribute(attribute:"vuln_publication_date", value: "2005/04/18"); script_cvs_date("Date: 2018/11/15 20:50:19"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_end_attributes(); script_summary(english:"Checks for X-Forwarded-For Logging Vulnerability in Coppermine Photo Gallery"); script_category(ACT_GATHER_INFO); script_family(english:"CGI abuses : XSS"); script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc."); script_dependencies("coppermine_gallery_detect.nasl"); script_exclude_keys("Settings/disable_cgi_scanning"); script_require_ports("Services/www", 80); script_require_keys("www/PHP"); exit(0); } include("global_settings.inc"); include("misc_func.inc"); include("http.inc"); port = get_http_port(default:80); if (!get_port_state(port)) exit(0); if (!can_host_php(port:port)) exit(0); # Test an install. install = get_kb_item(string("www/", port, "/coppermine_photo_gallery")); if (isnull(install)) exit(0); matches = eregmatch(string:install, pattern:"^(.+) under (/.*)$"); if (!isnull(matches)) { ver = matches[1]; # nb: catches versions like "1.3.0-Nuke" too. if (ver =~ "^(0|1\.([0-2]|3\.[0-2]([^0-9]|$)))") { security_note(port); set_kb_item(name: 'www/'+port+'/XSS', value: TRUE); } }NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_756DB070B9D411D9AE81000AE42E9B93.NASL description GHC team reports about coppermine The lack of sanitizing of user defined variables may result in undesirable consequences such as IP spoofing or XSS attack. Generally users of Coppermine Gallery can post comments. Remote address & x-forwarded-for variables are logged for admin last seen 2020-06-01 modified 2020-06-02 plugin id 18985 published 2005-07-13 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/18985 title FreeBSD : coppermine -- IP spoofing and XSS vulnerability (756db070-b9d4-11d9-ae81-000ae42e9b93) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the FreeBSD VuXML database : # # Copyright 2003-2018 Jacques Vidrine and contributors # # Redistribution and use in source (VuXML) and 'compiled' forms (SGML, # HTML, PDF, PostScript, RTF and so forth) with or without modification, # are permitted provided that the following conditions are met: # 1. Redistributions of source code (VuXML) must retain the above # copyright notice, this list of conditions and the following # disclaimer as the first lines of this file unmodified. # 2. Redistributions in compiled form (transformed to other DTDs, # published online in any format, converted to PDF, PostScript, # RTF and other formats) must reproduce the above copyright # notice, this list of conditions and the following disclaimer # in the documentation and/or other materials provided with the # distribution. # # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # include("compat.inc"); if (description) { script_id(18985); script_version("1.17"); script_cvs_date("Date: 2019/08/02 13:32:37"); script_cve_id("CVE-2005-1172"); script_bugtraq_id(13218); script_name(english:"FreeBSD : coppermine -- IP spoofing and XSS vulnerability (756db070-b9d4-11d9-ae81-000ae42e9b93)"); script_summary(english:"Checks for updated package in pkg_info output"); script_set_attribute( attribute:"synopsis", value:"The remote FreeBSD host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "GHC team reports about coppermine The lack of sanitizing of user defined variables may result in undesirable consequences such as IP spoofing or XSS attack. Generally users of Coppermine Gallery can post comments. Remote address & x-forwarded-for variables are logged for admin's eyes. X-Forwarded-for variable does not pass throu any filtration before logging into database. User can define/redefine this variable." ); # http://www.securityfocus.com/archive/1/396080 script_set_attribute( attribute:"see_also", value:"https://www.securityfocus.com/archive/1/396080" ); # http://coppermine.sourceforge.net/board/index.php?topic=17134.0 script_set_attribute( attribute:"see_also", value:"http://forum.coppermine-gallery.net/index.php?topic=17134.0" ); # https://vuxml.freebsd.org/freebsd/756db070-b9d4-11d9-ae81-000ae42e9b93.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?5c0937c8" ); script_set_attribute(attribute:"solution", value:"Update the affected package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:coppermine"); script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd"); script_set_attribute(attribute:"vuln_publication_date", value:"2005/04/18"); script_set_attribute(attribute:"patch_publication_date", value:"2005/05/01"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/07/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"FreeBSD Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info"); exit(0); } include("audit.inc"); include("freebsd_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD"); if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (pkg_test(save_report:TRUE, pkg:"coppermine<1.3.2")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");