PBLang Bulletin Board Multiple HTML Injection and XSS

Medium Nessus Network Monitor Plugin ID 2643

Synopsis

The remote host is vulnerable to multiple attack vectors.

Description

The remote host is running PBLang, a bulletin board system written in PHP. This version of PBLang is vulnerable to a remote Cross-Site Scripting (XSS) flaw. In addition, this version of PBLang is vulnerable to an HTML injection flaw within the pmpshow.php script. An attacker exploiting these flaws would need to convince a user to click on a malicious URL. Upon successful exploitation, the attacker would be able to steal credentials or execute code within the browser. A third flaw, which does not require user interaction, has been discovered in this version of PBLang. Specifically, files outside of the web root may be displayed to remote users. This sort of attack is known as a 'directory-traversal' attack, and would allow an attacker to craft a remote query such that the returned data would contain potentially confidential data (the /etc/passwd file, HTTPD configuration files, and more).

Solution

Upgrade or patch according to vendor recommendations.

See Also

http://archives.neohapsis.com/archives/bugtraq/2005-02/0406.html

http://archives.neohapsis.com/archives/bugtraq/2005-02/0407.html

http://archives.neohapsis.com/archives/bugtraq/2005-03/0015.html

http://archives.neohapsis.com/archives/bugtraq/2005-03/0019.html

http://www.nessus.org/u?a6808b6a

Plugin Details

Severity: Medium

ID: 2643

Family: CGI

Published: 2005/02/24

Modified: 2016/02/05

Dependencies: 1442

Nessus ID: 17209

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 6.5

Temporal Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Temporal Vector: CVSS2#E:H/RL:U/RC:ND

CVSSv3

Base Score: 6.2

Temporal Score: 6.2

Vector: CVSS3#AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS3#E:H/RL:U/RC:X

Reference Information

CVE: CVE-2005-0631, CVE-2005-0526, CVE-2005-0630

BID: 12631, 12633, 12634, 12666, 12694, 12690