CVE-2005-2892
Published: 2005-09-14
Priority: P4 · 30 · medium
CVSS 2.0: 5 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
EXPLOIT
EPSS: 3.41% (87.4th percentile)
Directory traversal vulnerability in setcookie.php in PBLang 4.65, and possibly earlier versions, allows remote attackers to read arbitrary files via ".." sequences and "%00" (trailing null byte) in the u parameter.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| pblang | pblang | — | — |
No detection rules found.
Exploit-DB
PBLang Bulletin Board System - Local File Inclusion
exploitdb·2012-03-13
---
# Exploit Title: [PBLang local file include vulnerability]
# Google Dork: ["Software PBLang 4.67.16.a"]
# Date: [12/03/2012]
# Author: ~Pseudo: [Number 7];
~ Twitter:[@TunisianSeven];
~ Blog: [http://tunisianseven.blogspot.com/]
# Software Link: [http://garr.dl.sourceforge.net/project/pblang/Full%20versions/PBLang%204.67.16.a%20no%20graphics/PBLang-4.67.16.a-nog
Exploit-DB
PBLang 4.65 Bulletin Board System - 'SetCookie.php' Directory Traversal
exploitdb·2005-09-07
---
source: https://www.securityfocus.com/bid/14765/info
PBLang is affected by a directory traversal vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.
Exploitation of this vulnerability could lead to a loss of confidentiality. Information obtained may aid in further attacks against the underlying system; other attacks are also possible.
http://www.example.com/pblang/setcookie.php?u=../../../../../etc/passwd%00
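An added example, not part of the advisory or of any rule indexed here: a check over web access logs for the request pattern described above, that is, a setcookie.php request whose u parameter carries a ".." path segment or a null byte. The log layout, the sample lines and the function names are assumptions; the check goes slightly beyond the advisory's literal URL by percent-decoding first, so encoded forms of the same sequences are also caught.

```python
import re
from urllib.parse import urlsplit, unquote_to_bytes

# Constructed access-log lines (Apache common-log style); not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [07/Sep/2005:10:01:02 +0000] "GET /pblang/setcookie.php?u=../../../../../etc/passwd%00 HTTP/1.1" 200 1423',
    '192.0.2.11 - - [07/Sep/2005:10:02:10 +0000] "GET /pblang/setcookie.php?u=alice HTTP/1.1" 200 512',
    '192.0.2.12 - - [07/Sep/2005:10:03:44 +0000] "GET /pblang/SetCookie.php?u=%2e%2e%2f%2e%2e%2fetc%2fpasswd%00 HTTP/1.1" 200 1423',
    '192.0.2.13 - - [07/Sep/2005:10:04:05 +0000] "GET /pblang/setcookie.php?u=john..doe HTTP/1.1" 200 512',
    '192.0.2.14 - - [07/Sep/2005:10:05:30 +0000] "GET /pblang/index.php?u=../x HTTP/1.1" 404 210',
]

REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

def decode_fully(raw, rounds=3):
    """Percent-decode repeatedly (conservative: also normalises %252e-style input)."""
    data = raw.encode()
    for _ in range(rounds):
        decoded = unquote_to_bytes(data)
        if decoded == data:
            break
        data = decoded
    return data

def inspect_u(target):
    """Return the reasons the u parameter of a setcookie.php request looks hostile."""
    parts = urlsplit(target)
    # The page spells the script both 'setcookie.php' and 'SetCookie.php'.
    if not parts.path.lower().endswith("/setcookie.php"):
        return []
    reasons = set()
    for pair in parts.query.split("&"):
        name, _, value = pair.partition("=")
        if unquote_to_bytes(name) != b"u":
            continue
        decoded = decode_fully(value)
        if b"\x00" in decoded:
            reasons.add("null-byte")
        # Match '..' only as a whole path segment, so 'john..doe' is not flagged.
        if b".." in re.split(rb"[\\/]", decoded):
            reasons.add("dot-dot-segment")
    return sorted(reasons)

def scan(lines):
    """Return (line_number, reasons) for every suspicious request in the log."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        reasons = inspect_u(match.group(1)) if match else []
        if reasons:
            hits.append((number, reasons))
    return hits
```

A 200 response on a flagged line is worth prioritising over a 404, since it suggests the script served something for that request.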
No writeups or analysis indexed.
http://marc.info/?l=bugtraq&m=112611338417979&w=2
http://secunia.com/advisories/16711/
http://securitytracker.com/alerts/2005/Sep/1014861.html
http://www.securityfocus.com/bid/14765
https://exchange.xforce.ibmcloud.com/vulnerabilities/22185