CVE-2012-5192
Published 2014-01-28
Priority: P3 · 50 · medium · 5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 52.48% (98.8th percentile)
Directory traversal vulnerability in gmap/view_overlay.php in Bitweaver 2.8.1 and earlier allows remote attackers to read arbitrary files via "''%2F" (dot dot encoded slash) sequences in the overlay_type parameter.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| bitweaver | bitweaver | <= 2.8.1 | — |
| bitweaver | bitweaver | — | — |
| bitweaver | bitweaver | — | — |
| bitweaver | bitweaver | — | — |
| bitweaver | bitweaver | — | — |
| bitweaver | bitweaver | — | — |
| bitweaver | bitweaver | — | — |
| bitweaver | bitweaver | — | — |
| bitweaver | bitweaver | — | — |
| bitweaver | bitweaver | — | — |
| bitweaver | bitweaver | — | — |
Detection & IOCs
URL: http://A.B.C.D/bitweaver/gmap/view_overlay.php?overlay_type=..%2F..%2F..%2F..%2F..%2F..%2F..%2F/etc/passwd%00
- Detect directory traversal attempts targeting the 'overlay_type' parameter in GET requests to gmap/view_overlay.php. Look for URL-encoded dot-dot-slash sequences (%2F) and null byte (%00) in the parameter value.
- Flag HTTP requests to view_overlay.php where the overlay_type parameter contains encoded traversal patterns such as ..%2F or null byte termination (%00) used to bypass extension filtering.
- The Metasploit auxiliary module 'scanner/http/bitweaver_overlay_type_traversal' can be used to confirm exploitability during assessments; its traffic pattern (repeated traversal depth increments against view_overlay.php) is a reliable detection signal.
- The null byte (%00) termination technique used in the PoC is effective only on PHP installations where null byte handling in file path functions is not patched (typically PHP < 5.3.4). Detections relying solely on %00 may miss variants on patched PHP versions.
- The NVD advisory describes the traversal encoding as "''%2F" (dot dot encoded slash), meaning the dots are literal and only the slash is percent-encoded. Detection rules must account for this specific encoding pattern rather than fully encoded traversal strings.
No detection rules found.
Exploit-DB
Bitweaver 2.8.1 - Multiple Vulnerabilities
exploitdb·2012-10-24·CVSS 5.0
CVE-2012-5193 [MEDIUM] Bitweaver 2.8.1 - Multiple Vulnerabilities
---
Trustwave SpiderLabs Security Advisory TWSL2012-016:
Multiple Vulnerabilities in Bitweaver
Published: 10/23/2012
Version: 1.0
Vendor: Bitweaver (http://www.bitweaver.org/)
Product: Bitweaver
Version affected: 2.8.1 and earlier versions
Product description:
Bitweaver is a free and open source web application framework and content
management system. Bitweaver is written in PHP and uses Firebird as a
database backend.
Credit: David Aaron and Jonathan Claudius of Trustwave SpiderLabs
Finding 1: Local File Inclusion Vulnerability
CVE: CVE-2012-5192
The 'overlay_type' parameter in the 'gmap/view_overlay.php' page in
Bitweaver is vulnerable to a local file inclusion vulnerability.
This vulnerability can be demonstrated by traversing to a kno
Metasploit
Bitweaver overlay_type Directory Traversal
metasploit
This module exploits a directory traversal vulnerability found in Bitweaver. When handling the 'overlay_type' parameter, view_overlay.php fails to do any path checking/filtering, which can be abused to read any file outside the virtual directory.
No writeups or analysis indexed.
Published: 2014-01-28