BSR Webweaver version 1.33 restriction bypass

2009-09-17 / 2009-09-18
Credit: Usman Saeed
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

###########################################################################################
#
# Name     : BSR Webweaver Version 1.33 /Scripts access restriction bypass vulnerability
# Author   : Usman Saeed
# Company  : Xc0re Security Research Group
# Date     : 15/09/09
# Homepage : http://www.xc0re.net
#
###########################################################################################

[*] Download Page : http://www.brswebweaver.com/downloads.html

[*] Attack type : Remote

[*] Patch Status : Unpatched

[*] Description :

The ISAPI/CGI path is [%installdirectory%/scripts], and over HTTP its alias is [http://[host]/scripts]. The access security check is that a request for /scripts gets a 404 error response. The exploit URL below bypasses that check and, if Directory Browsing is allowed in the server configuration, returns the directory listing. Because the listing depends on that setting, this exploit is not called a Directory Listing exploit.

[*] Exploitation :

[+] http://127.0.0.1/scripts/%bg%ae%bg%ae/.exe
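A defender-side log check for the request shape in the advisory, as an added example that is not part of the original advisory: the published URL contains `%bg`, which is not a valid percent-escape (`g` is not a hexadecimal digit), so the script flags requests under /scripts that carry a malformed escape and records whether the server answered 2xx where a 404 is expected. The Common Log Format, the function names and the sample lines are assumptions.

```python
import re

# Assumption: Common Log Format; adjust LOG_RE to the server's real log layout.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(\S+) (\S+)[^"]*" (\d{3}) ')
# A '%' not followed by two hexadecimal digits is a malformed escape.
BAD_ESCAPE_RE = re.compile(r'%(?![0-9A-Fa-f]{2})')
PROTECTED_PREFIX = "/scripts"  # HTTP alias named in the advisory


def suspicious(line):
    """Return (client, path, status) for a request under the protected alias
    whose path carries a malformed percent-escape, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    client, _method, target, status = m.groups()
    path = target.split("?", 1)[0].lower()
    under_alias = path == PROTECTED_PREFIX or path.startswith(PROTECTED_PREFIX + "/")
    if not under_alias or not BAD_ESCAPE_RE.search(path):
        return None
    return client, path, int(status)


def scan(lines):
    """Collect hits; 'served' marks a 2xx answer where the advisory expects 404."""
    hits = []
    for line in lines:
        hit = suspicious(line)
        if hit:
            client, path, status = hit
            hits.append({"client": client, "path": path, "status": status,
                         "served": 200 <= status < 300})
    return hits


# Constructed sample log lines (not taken from a real server).
SAMPLE = [
    '192.0.2.10 - - [17/Sep/2009:10:00:01 +0000] "GET /scripts HTTP/1.0" 404 210',
    '192.0.2.10 - - [17/Sep/2009:10:00:05 +0000] "GET /scripts/%bg%ae%bg%ae/.exe HTTP/1.0" 200 1532',
    '192.0.2.11 - - [17/Sep/2009:10:01:00 +0000] "GET /index.html HTTP/1.0" 200 512',
    '192.0.2.12 - - [17/Sep/2009:10:02:00 +0000] "GET /scripts/%2e%2e/ HTTP/1.0" 404 210',
]

if __name__ == "__main__":
    for h in scan(SAMPLE):
        print(h)
```

A hit with `served` set to true is the one to investigate first, since the server returned content for a path the advisory says should produce a 404.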



Copyright 2024, cxsecurity.com

 
