|
Family: CGI abuses --> Category: infos
PBLang BBS <= 4.65 Multiple Vulnerabilities Vulnerability Scan
Vulnerability Scan Summary Checks for multiple vulnerabilities in PBLang BBS <= 4.65
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a PHP application that suffers from
multiple flaws.
Description :
According to its banner, the remote host is running a version of
PBLang BBS, a bulletin board system written in PHP, that suffers from
the following vulnerabilities:
- HTML Injection Vulnerability in pmpshow.php.
A possible hacker can inject arbitrary HTML and script into the
body of PMs sent to users allowing for theft of
authentication cookies or misrepresentation of the site.
- Cross-Site Scripting Vulnerability in search.php.
If a possible hacker can trick a user into following a specially
crafted link to search.php from an affected version of
PBLang, he can inject arbitrary script into the user's
browser to, say, steal authentication cookies.
- Remote PHP Script Injection Vulnerability in ucp.php.
PBLang allows a user to enter a PHP script into his/her
profile values, to be executed with the permissions of
the web server user whenever the user logs in.
- Directory Traversal Vulnerability in sendpm.php.
A logged-in user can read arbitrary files, subject to
permissions of the web server user, by passing full
pathnames through the 'orig' parameter when calling
sendpm.php.
- Arbitrary Personal Message Deletion Vulnerability in delpm.php.
A logged-in user can delete anyone's personal messages by
passing a PM id through the 'id' parameter and a username
through the 'a' parameter when calling delpm.php.
See also :
http://archives.neohapsis.com/archives/bugtraq/2005-02/0406.html
http://archives.neohapsis.com/archives/bugtraq/2005-02/0407.html
http://archives.neohapsis.com/archives/bugtraq/2005-03/0015.html
http://archives.neohapsis.com/archives/bugtraq/2005-03/0019.html
http://www.nessus.org/u?a6808b6a
Solution :
Upgrade to PBLang 4.66z or later.
Threat Level:
Low / CVSS Base Score : 2
(AV:R/AC:H/Au:NR/C:N/A:N/I:P/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|