Detections
Analytics

BlogEngine.NET api/BlogImporter.asmx GetFile Function Unauthorized Access

high Nessus Plugin ID 51564

Language:

Synopsis

The remote web server contains a script that can be abused to copy files.

Description

The web server hosts BlogEngine.NET, an open source .NET blogging project.

An install of the software on the remote host allows unauthenticated access to the 'GetFile' function of the 'api/BlogImporter.asmx' script. An unauthenticated, remote attacker may be able to abuse this function to copy files on the affected host, possibly originating from third-party hosts and possibly to directories outside the application's 'App_Data\files' directory.

Successful exploitation may result in disclosure of sensitive information, allow for execution of arbitrary code, fill up disk space, or even facilitate attacks against third-party hosts.

Note that Nessus has only verified that the affected function and script are accessible without authentication although it's possible that the code has been changed to prevent abuse without changing how it responds to the requests that Nessus uses.

Solution

Upgrade to BlogEngine.Net 2.0 or remove the affected script.

See Also

https://archive.codeplex.com/?p=blogengine

Plugin Details

Severity: High

ID: 51564

File Name: blogengine_getfile_accessible.nasl

Version: 1.9

Type: remote

Family: CGI abuses

Published: 1/18/2011

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Required KB Items: www/ASP

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 1/1/2011

Vulnerability Publication Date: 1/5/2011

Reference Information

BID: 45681