CVE-2005-0305
Published: 2005-05-02
Priority: P344 | Severity: high | Score: 7.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 7.85% (94.0th percentile)
CRLF injection vulnerability in users.php in Siteman 1.1.10 and earlier allows remote attackers to add arbitrary users and gain privileges via the line parameter in a docreate operation.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| siteman | siteman | — | — |
| siteman | siteman | — | — |
No detection rules found.
Exploit-DB
Siteman 1.1 - User Database Privilege Escalation (1)
exploitdb·2005-01-19
---
source: https://www.securityfocus.com/bid/12304/info
Siteman is reported prone to a vulnerability that may allow users to gain elevated privileges. This issue results from insufficient sanitization of user-supplied data.
Apparently, an attacker can supply additional lines to the stream used to write to the user database file through a URI parameter. This can allow the attacker to corrupt the user database file and potentially gain administrative privileges to the Siteman application.
Siteman 1.1.10 and prior versions are affected by this vulnerability.
#!/usr/bin/perl -w
#
# Exploit by Noam Rathaus - Beyond Security Ltd.
# Exploit for the SiteMan vulnerability discovered by: "amironline452"
#
use Digest::MD5 qw(md5 md5_hex md5
Exploit-DB
Siteman 1.1 - User Database Privilege Escalation (2)
exploitdb·2005-01-19
---
These data were recorded.
Username (Use this, and not your display name, when logging in): amir452
Password (Click to show password): amir452
Secret Question (Asked when you forget your
No writeups or analysis indexed.
http://marc.info/?l=bugtraq&m=110627350616949&w=2
http://marc.info/?l=bugtraq&m=110643320814371&w=2
http://securitytracker.com/id?1012951
http://www.osvdb.org/13131
http://www.securityfocus.com/bid/12304
https://exchange.xforce.ibmcloud.com/vulnerabilities/18998
Published: 2005-05-02