Published: 21/06/2006 Updated: 18/10/2018

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 505

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

CRLF injection vulnerability in Bitweaver 1.3 allows remote malicious users to conduct HTTP response splitting attacks by via CRLF sequences in multiple unspecified parameters that are injected into HTTP headers, as demonstrated by the BWSESSION parameter in index.php.

Vulnerable Product	Search on Vulmon	Subscribe to Product
bitweaver bitweaver 1.3

#!/usr/bin/php -q -d short_open_tag=on <? echo "bitweaver <= v13 'tmpImagePath' attachment mod_mime exploit\r\n"; echo "by rgod rgod@autisticiorg\r\n"; echo "site: retrogodaltervistaorg\r\n"; echo "dork: \"powered by bitweaver\"\r\n\r\n"; if ($argc<4) { echo "Usage: php "$argv[0]" host path cmd OPTIONS\r\n"; echo "host: ...

NVD-CWE-Other http://retrogod.altervista.org/bitweaver_13_xpl.html http://sourceforge.net/project/shownotes.php?release_id=336854&group_id=141358 http://www.bitweaver.org/articles/45 http://www.osvdb.org/26590 http://securityreason.com/securityalert/1115 https://exchange.xforce.ibmcloud.com/vulnerabilities/27348 http://www.securityfocus.com/archive/1/437491/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/1918/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2006-3105

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect