BasiliX login.php3 username Variable Arbitrary Command Execution

medium Nessus Plugin ID 14304

Synopsis

The remote web server contains a PHP script that is prone to arbitrary command execution.

Description

The remote host appears to be running a version of BasiliX between 1.0.2beta or 1.0.3beta. In such versions, the script 'login.php3' fails to sanitize user input, which enables a remote attacker to pass in a specially crafted value for the parameter 'username' with arbitrary commands to be executed on the target using the permissions of the web server.

Solution

Upgrade to BasiliX version 1.1.0 or later.

See Also

http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2001-09/0017.html

Plugin Details

Severity: Medium

ID: 14304

File Name: basilix_arbitrary_command_execution.nasl

Version: 1.19

Type: remote

Family: CGI abuses

Published: 8/9/2004

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

Required KB Items: www/basilix

Exploit Available: true

Exploit Ease: No exploit is required

Reference Information

BID: 3276