Vulnerabilities > CVE-2005-0818 - Unspecified vulnerability in Punbb 1.2.3

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
punbb
nessus
exploit available
NVD
Published: 2005-05-02
Updated: 2017-07-11

Summary

Cross-site scripting (XSS) vulnerability in PunBB 1.2.3 allows remote attackers to inject arbitrary web script or HTML via the (1) email or (2) Jabber parameters.

Vulnerable Configurations

Part Description Count
Application
Punbb
1

Exploit-Db

descriptionPunBB 1.2.3 Multiple HTML Injection Vulnerabilities. CVE-2005-0818. Webapps exploit for php platform
idEDB-ID:25230
last seen2016-02-03
modified2005-03-16
published2005-03-16
reporterbenji lemien
sourcehttps://www.exploit-db.com/download/25230/
titlePunBB 1.2.3 - Multiple HTML Injection Vulnerabilities

Nessus

NASL familyCGI abuses : XSS
NASL idPUNBB_PROFILE_CODE_INJECTION.NASL
descriptionAccording to its banner, the version of PunBB installed on the remote host fails to properly sanitize user input to the script
last seen2020-06-01
modified2020-06-02
plugin id17363
published2005-03-18
reporterThis script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/17363
titlePunBB profile.php Multiple Parameter XSS
code
#
# (C) Tenable Network Security
#


include("compat.inc");

if (description) {
  script_id(17363);
  script_version("1.13");

  script_cve_id("CVE-2005-0818");
  script_bugtraq_id(12828);

  script_name(english:"PunBB profile.php Multiple Parameter XSS");
 
 script_set_attribute(attribute:"synopsis", value:
"The remote web server contains a PHP application that is affected by
several cross-site scripting vulnerabilities." );
 script_set_attribute(attribute:"description", value:
"According to its banner, the version of PunBB installed on the remote
host fails to properly sanitize user input to the script 'profile.php'
through the 'email' and 'Jabber' parameters.  An attacker could
exploit this flaw to embed malicious script or HTML code in his
profile.  Then, whenever someone browses that profile, the code would
be executed in that person's browser in the context of the website,
enabling the attacker to conduct cross-site scripting attacks." );
 script_set_attribute(attribute:"see_also", value:"http://securitytracker.com/alerts/2005/Mar/1013446.html" );
 script_set_attribute(attribute:"solution", value:
"Upgrade to PunBB version 1.2.4 or later." );
 script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
 script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
 script_set_attribute(attribute:"exploit_available", value:"false");
 script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);

 script_set_attribute(attribute:"plugin_publication_date", value: "2005/03/18");
 script_set_attribute(attribute:"vuln_publication_date", value: "2005/04/08");
 script_cvs_date("Date: 2018/07/25 18:58:03");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_end_attributes();

 
  summary["english"] = "Detects input validation vulnerabilities in PunBB's profile.php";
  script_summary(english:summary["english"]);
 
  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses : XSS");
 
  script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.");

  script_dependencie("punBB_detect.nasl");
  script_exclude_keys("Settings/disable_cgi_scanning");
  script_require_ports("Services/www", 80);
  script_require_keys("www/punBB");
  exit(0);
}

include("global_settings.inc");
include("misc_func.inc");
include("http.inc");


port = get_http_port(default:80);
if (!can_host_php(port:port)) exit(0);


# Test an install.
install = get_kb_item(string("www/", port, "/punBB"));
if (isnull(install)) exit(0);
matches = eregmatch(string:install, pattern:"^(.+) under (/.*)$");
if (!isnull(matches)) {
  ver = matches[1];

  if (ver =~ "^1\.(1|2$|2\.[1-3]([^0-9]|$))")
  {
    security_warning(port);
    set_kb_item(name: 'www/'+port+'/XSS', value: TRUE);
  }
}

References