Script http-vuln-cve2013-6786

Script types: portrule
Categories: exploit, vuln
Download: https://svn.nmap.org/nmap/scripts/http-vuln-cve2013-6786.nse

Script Summary

Detects a URL redirection and reflected XSS vulnerability in Allegro RomPager Web server. The vulnerability has been assigned CVE-2013-6786.

The check is general enough (script tag injection via Referer header) that some other software may be vulnerable in the same way.
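The defensive counterpart of this check, as an added example (not code from Nmap or from Allegro): a 404 handler that copies the Referer into the page unescaped, next to a hardened one that escapes it and only links back to its own host. The template, function names and sample values are assumptions constructed for illustration.

```python
import html
from urllib.parse import urlsplit

# Hypothetical 404 template; RomPager's real markup is not shown on this page.
PAGE = "<html><body><h1>Object Not Found</h1><p>{body}</p></body></html>"

# Constructed sample values (192.0.2.0/24 is a documentation range).
OWN_HOST = "192.0.2.1"
SAMPLE_REFERER = 'http://192.0.2.1/"><script>marker()</script>'


def render_404_vulnerable(path, referer):
    """Flawed pattern: the Referer value lands in the 404 page verbatim."""
    back = f'Return to <a href="{referer}">last page</a>' if referer else ""
    return PAGE.format(body=f"{html.escape(path)} was not found. {back}")


def safe_back_link(referer, own_host):
    """Return an escaped same-host http(s) URL, or None if the Referer is untrusted."""
    if not referer:
        return None
    try:
        parts = urlsplit(referer)
    except ValueError:  # malformed authority, e.g. unbalanced brackets
        return None
    if parts.scheme not in ("http", "https"):
        return None  # drops javascript:, data: and similar schemes
    if (parts.hostname or "").lower() != own_host.lower():
        return None  # never link to another site (the URL redirection half)
    # Same host is not enough: the path can still carry markup, so escape it.
    return html.escape(referer, quote=True)


def render_404_hardened(path, referer, own_host):
    """Hardened pattern: omit the link unless the Referer validates, and escape it."""
    link = safe_back_link(referer, own_host)
    back = f'Return to <a href="{link}">last page</a>' if link else ""
    return PAGE.format(body=f"{html.escape(path)} was not found. {back}")


if __name__ == "__main__":
    print(render_404_vulnerable("/nonexistent", SAMPLE_REFERER))
    print(render_404_hardened("/nonexistent", SAMPLE_REFERER, OWN_HOST))
```
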

Script Arguments

slaxml.debug

See the documentation for the slaxml library.

http.host, http.max-body-size, http.max-cache-size, http.max-pipeline, http.pipeline, http.truncated-ok, http.useragent

See the documentation for the http library.

smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

See the documentation for the smbauth library.

vulns.short, vulns.showall

See the documentation for the vulns library.

Example Usage

  • nmap -p80 --script http-vuln-cve2013-6786 <target>
  • nmap -sV --script http-vuln-cve2013-6786 <target>

Script Output

PORT   STATE SERVICE
80/tcp open  http
| http-vuln-cve2013-6786:
|   VULNERABLE:
|   URL redirection and reflected XSS vulnerability in Allegro RomPager Web server
|     State: VULNERABLE (Exploitable)
|     IDs:  CVE:CVE-2013-6786
|
|     Devices based on Allegro RomPager web server are vulnerable to URL redirection
|     and reflected XSS. If Referer header in a request to a non existing page, data
|     can be injected into the resulting 404 page. This includes linking to an
|     untrusted website and XSS injection.
|     Disclosure date: 2013-07-1
|     References:
|_      https://antoniovazquezblanco.github.io/docs/advisories/Advisory_RomPagerXSS.pdf

Author:

  • Vlatko Kosturjak <kost@linux.hr>

License: Same as Nmap--See https://nmap.org/book/man-legal.html