CVE-2005-3153
Published 2005-10-05
Priority P428, high, 7.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 1.51% (71.3th percentile)
login.php in myBloggie 2.1.3 beta and earlier allows remote attackers to bypass a whitelist regular expression and conduct SQL injection attacks via a username parameter with SQL after a null character, which causes the whitelist check to succeed but injects the SQL into a query string, a different vulnerability than CVE-2005-2838. NOTE: it is possible that this is actually a bug in PHP code, in which case this should not be treated as a myBloggie vulnerability.
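The general pattern behind this kind of bypass, as an added C example (not myBloggie's or PHP's code, and not a reconstruction of login.php): a whitelist check that reads a length-counted value through a C-string view stops at the first NUL, while a check over the full counted length rejects it. The `struct counted` type, the letters/digits/underscore whitelist and both sample inputs are assumptions constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Length-counted string, as a scripting runtime holds it (hypothetical type). */
struct counted { const char *data; size_t len; };

/* Assumed whitelist for a username: ASCII letters, digits, underscore. */
static int allowed(unsigned char c) { return isalnum(c) || c == '_'; }

/* FLAWED: C-string view. strlen() stops at the first NUL, so bytes after it
 * are never inspected even though they are still part of the value. */
int validate_cstring(struct counted in) {
    size_t n = strlen(in.data);
    if (n == 0) return 0;
    for (size_t i = 0; i < n; i++)
        if (!allowed((unsigned char)in.data[i])) return 0;
    return 1;
}

/* HARDENED: walk the full counted length. NUL is not in the whitelist, so an
 * embedded NUL is rejected like any other disallowed byte. */
int validate_counted(struct counted in) {
    if (in.len == 0) return 0;
    for (size_t i = 0; i < in.len; i++)
        if (!allowed((unsigned char)in.data[i])) return 0;
    return 1;
}

/* Bytes (the NUL included) that the C-string view never looked at. */
size_t unchecked_bytes(struct counted in) { return in.len - strlen(in.data); }

/* Constructed sample inputs; sizeof - 1 keeps any embedded NUL in the length. */
struct counted sample_clean(void) {
    static const char s[] = "alice_01";
    return (struct counted){ s, sizeof s - 1 };
}
struct counted sample_nul(void) {
    static const char s[] = "alice\0<unchecked tail>";
    return (struct counted){ s, sizeof s - 1 };
}

int main(void) {
    struct counted in = sample_nul();
    printf("cstring=%d counted=%d unchecked=%zu of %zu bytes\n",
           validate_cstring(in), validate_counted(in), unchecked_bytes(in), in.len);
    return 0;
}
```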
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mywebland | mybloggie | — | — |
CWE-158: Improper Neutralization of Null Byte or NUL Character
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes NUL characters or null bytes when they are sent to a downstream component.
As data is parsed, an injected NUL character or null byte may cause the product to believe the input is terminated earlier than it actually is, or otherwise cause the input to be misinterpreted. This could then be used to inject potentially dangerous input that occurs after the null byte or otherwise bypass validation routines and other protection mechanisms.
Modes of Introduction:
Phase: Implementation
Common Consequences:
Scope: Integrity. Impact: Unexpected State.
Potential Mitigations:
Developers should anticipate that null characters or
CWE-185: Incorrect Regular Expression
The product specifies a regular expression in a way that causes data to be improperly matched or compared.
When the regular expression is used in protection mechanisms such as filtering or validation, this may allow an attacker to bypass the intended restrictions on the incoming data.
Modes of Introduction:
Phase: Implementation
Common Consequences:
Scope: Other. Impact: Unexpected State, Varies by Context. When the regular expression is not correctly specified, data might have a different format or type than the rest of the program expects, producing resultant weaknesses or errors.
Scope: Access Control. Impact: Bypass Protection Mechanism. In PHP, regular expression checks can sometimes be bypassed with a null byte, leading to any number of weakn
CWE-626: Null Byte Interaction Error (Poison Null Byte)
The product does not properly handle null bytes or NUL characters when passing data between different representations or components.
A null byte (NUL character) can have different meanings across representations or languages. For example, it is a string terminator in standard C libraries, but Perl and PHP strings do not treat it as a terminator. When two representations are crossed - such as when Perl or PHP invokes underlying C functionality - this can produce an interaction error with unexpected results. Similar issues have been reported for ASP. Other interpreters written in C might also be affected. The poison null byte is frequently useful in path traversal attacks by terminating hard-coded extensions that are added to a filena
References
http://marc.info/?l=bugtraq&m=112818273307878&w=2
http://mywebland.com/forums/showtopic.php?t=399
http://rgod.altervista.org/mybloggie213b.html
http://securityreason.com/securityalert/42
http://securitytracker.com/id?1014995
http://www.osvdb.org/19935
2005-10-05
Published