BSR Webweaver version 1.33 restriction bypass

2009-09-17 / 2009-09-18

Credit: Usman Saeed

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

###########################################################################################
#
#   Name    :   BSR Webweaver Version 1.33 /Scripts access restriction bypass vulnerbility
#   Author  :   Usman Saeed
#   Company :   Xc0re Security Reasearch Group
#   Date    :   15/09/09
#   Homepage :  http://www.xc0re.net
#
###########################################################################################

[*] Download Page : http://www.brswebweaver.com/downloads.html

[*] Attack type : Remote

[*] Patch Status : Unpatched

[*] Description  : In ISAPI/CGI path is [%installdirectory%/scripts] and
through HTTP the alias is [http://[host]/scripts] ,

The access security check is that if the attacker tries to access /scripts
a 404 Error response occurs ! Now to bypass and

check the directory listing [That is if Directory Browsing is allowed in
the server Configuration !] just copy and paste the

exploit url !.

This is the reason this exploit is not called a Directory Listing Exploit !

[*] Exploitation :

        [+] http://127.0.0.1/scripts/%bg%ae%bg%ae/.exe

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

BSR Webweaver version 1.33 restriction bypass

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.