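##############################################################################
#
# PHPDocumentor File Include Vulnerability
#
# Copyright: OS2A and it's member companies
#
# Date Written: 2006/01/06
#
# $Revision: 1.1 $
#
# $Log: os2a_phpdocumentor_file_inclusion_600915.nasl,v $
# Revision 1.1 2006/01/09 12:57:36 bchandra
# Issue #1544 To production
#
# Revision 1.4 2006/01/06 11:50:50 shraddha
# Modified description and CVSS score.
# Issue #1544.
#
# Revision 1.3 2006/01/06 10:37:08 nrnandini
# Added the Scope of impact in the description.
# Modified the regex.
# issue #1544
#
# Revision 1.2 2006/01/06 07:40:56 nashwini
# issue #1544
# removed security_notes
#
# Revision 1.1 2006/01/06 07:39:52 nashwini
# issue #1544
#
#
# ------------------------------------------------------------------------
# This program was written by OS2A and/or it's member companies and is
# licensed under the GNU GPL license. Please see below for details. This
# header contains information regarding licensing terms under the GPL, and
# information regarding obtaining source code from the Author. Consequently,
# pursuant to section 3(c) of the GPL, you must accompany the information
# found in this header with any distribution you make of this Program.
# ------------------------------------------------------------------------
##############################################################################

# What this check does
# --------------------
# Requests <dir>/docbuilder/top.php for each candidate directory and flags the
# host when the returned page carries a "phpDocumentor v..." banner for 1.2.x
# or 1.3.0RC0 through 1.3.0RC4.
#
# Limits a reader of the finding should know
# ------------------------------------------
# * Detection is by version banner only. The script never requests the two
#   scripts named in the description and never checks register_globals or
#   allow_url_fopen, so a match is a potential finding, not a confirmed one.
# * The pattern does not cover 1.0.x / 1.1.x although the description says
#   "1.3.0 rc4 and prior". NOTE(review): confirm whether those releases expose
#   this banner before widening the pattern.
# * The "Solution" text is dated January 06, 2006; check the vendor's current
#   release notes before relaying it.

if(description)
{
  # Plugin metadata: identifiers and cross-references for the finding.
  script_id(600915);
  script_bugtraq_id(16080);
  script_cve_id("CVE-2005-4593");
  script_copyright(english:"Copyright (C) 2005 OS2A");
  script_version ("$Revision: 1.1 $");

  # ACT_GATHER_INFO: the body below only issues GET requests for top.php.
  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");
  script_name(english:"PHPDocumentor File Include Vulnerability");
  script_summary(english:"Check for vulnerable version of PHPDocumentor");

  # Report text shown to the user. It is emitted at run time, so it is kept
  # exactly as found, including its line break.
  desc["english"] = " Overview : This host has PHPDocumentor an auto-documentation tool for the php language which is prone to a file inclusion vulnerability. 
The flaw exists due to input validation errors in bug-559668.php and file_dialog.php scripts which do not properly validate FORUM[LIB] and root_dir parameters respectively. Successful exploitation requires register_globals and allow_url_fopen to be enabled. Impact : Successful exploitation could result in the compromise of the application or disclosure or modification of data. Scope of Impact is restricted to system level. Affected Software : PHPDocumentor 1.3.0 rc4 and prior. Affected Platforms : Any system running the affected software. Solution: Vendor has not yet released a patch or an upgrade as of January 06, 2006. Information regarding this issue will be updated once the solution details are available. References: http://rgod.altervista.org/phpdocumentor_130rc4_incl_expl.html CVSS Score: CVSS Base Score : 5.6 (AV:R/AC:H/Au:NR/C:P/I:P/A:P/B:N) CVSS Temporal Score : 5.0 Risk factor : Medium";
  script_description(english:desc["english"]);

  script_dependencies("http_version.nasl");
  script_require_ports("Services/www", 80);
  exit(0);
}

include("http_func.inc");
include("http_keepalive.inc");

port = get_http_port(default:80);
if(!port){
  exit(0);
}

# Candidate install locations: web root, the default package directory name,
# and whatever CGI directories the scanner already knows about.
dirs = make_list("", "/PhpDocumentor", cgi_dirs());

foreach dir (dirs)
{
  url = string(dir, "/docbuilder/top.php");
  sendRequest = http_get(item:url, port:port);
  phpDoc = http_keepalive_send_recv(port:port, data:sendRequest, bodyonly:1);

  # No reply at all: stop here rather than trying the remaining directories.
  if(phpDoc == NULL){
    exit(0);
  }

  # Banner match for 1.2.x or 1.3.0RC0..RC4. The character after the RC digit
  # must not be another digit (so RC10 and later are not flagged); "|$" also
  # accepts a banner that ends the line right after the RC digit, which the
  # bare [^0-9] would miss.
  if(egrep(pattern:"phpDocumentor v(1\.(2\..*|3\.0RC[0-4]([^0-9]|$)))",
           string:phpDoc))
  {
    # Report once and stop at the first matching directory.
    security_warning(port);
    exit(0);
  }
}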