WebSpeed Workshop Arbitrary Command Execution

high Nessus Plugin ID 25088

Synopsis

The remote web server hosts an application that allows for arbitrary command execution.

Description

The remote web server appears to be using WebSpeed, a website creation language used with database-driven websites.

The installation of WebSpeed on the remote host is configured to operate in 'Development' mode and allows access to the WebSpeed Workshop, an environment intended for developing Web-based Internet Transaction Processing applications. The Workshop environment allows for unauthenticated access to a number of tools, including one for executing arbitrary commands on the remote host subject to the privileges of the web server user id.

Solution

Change WebSpeed's Agent Application Mode to 'Production'.

See Also

https://community.progress.com/

Plugin Details

Severity: High

ID: 25088

File Name: webspeed_workshop_oscommand.nasl

Version: 1.17

Type: remote

Family: CGI abuses

Published: 4/26/2007

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: High

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Vulnerability Information

Excluded KB Items: Settings/disable_cgi_scanning

Exploited by Nessus: true