Archive for September, 2009
BSR Webweaver 1.33 /script security Bypass vulnerability
BSR Webweaver 1.33
[*] Author : Usman Saeed, Exploit @ Xc0re Security Research Group.
[*] Date: 15/09/09
[*] http://www.brswebweaver.com/downloads.html
[*] Attack type : Remote
[*] Patch Status : Unpatched
[*] Description : The ISAPI/CGI path is [%installdirectory%/scripts], and over HTTP its alias is [http://[host]/scripts]. The access security check is that if the attacker tries to access /scripts, a 404 Error response occurs! To bypass this check and view the directory listing (that is, if Directory Browsing is allowed in the server configuration!), just copy and paste the exploit URL.
This is the reason this exploit is not called a Directory Listing Exploit!
[*] Exploitation :
[+] http://[host]/scripts/%bg%ae%bg%ae/.exe
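A defender's illustration of the check-then-decode pattern behind this kind of bypass, added here and not part of the advisory or of the Webweaver code: a literal match on the alias beside a check that first rejects malformed escapes (such as %bg, where 'g' is not a hex digit) and normalizes the path before deciding, plus a scan of constructed log lines for disguised requests. The function names, the log lines and the assumption that the vulnerable server compares the raw, undecoded path are the example's own.

```python
import posixpath
import re
from urllib.parse import unquote

PROTECTED_DIR = "/scripts"                               # alias the advisory says answers 404
MALFORMED_ESCAPE = re.compile(r"%(?![0-9A-Fa-f]{2})")   # "%bg": 'g' is not a hex digit

def naive_decision(raw_path):
    """Check-then-decode: refuse only the literal spelling of the alias.
    Assumed pattern behind this bypass class, not Webweaver's actual code."""
    if raw_path.rstrip("/").lower() == PROTECTED_DIR:
        return 404
    return 200  # every other spelling reaches the file handler untouched

def canonicalize(raw_path):
    """Decode and normalize a request path; None means the request is malformed."""
    if MALFORMED_ESCAPE.search(raw_path):
        return None                                       # invalid percent-escape
    decoded = unquote(raw_path)
    if "\x00" in decoded or "\\" in decoded or not decoded.startswith("/"):
        return None
    # normpath collapses ".", ".." and repeated slashes; case-folded because ISAPI hosts run on Windows
    return posixpath.normpath(decoded).lower()

def hardened_decision(raw_path):
    """Decode-then-check: every spelling of the directory gets the same answer."""
    canon = canonicalize(raw_path)
    if canon is None:
        return 400
    return 404 if canon == PROTECTED_DIR else 200

def flag_log_lines(lines):
    """Detection: paths that are malformed, or that resolve to the protected
    directory only after normalization (a disguised request)."""
    hits = []
    for line in lines:
        path = line.split('"')[1].split()[1]             # "GET /path HTTP/1.1"
        canon = canonicalize(path)
        disguised = canon == PROTECTED_DIR and path.rstrip("/").lower() != PROTECTED_DIR
        if canon is None or disguised:
            hits.append(path)
    return hits

# Constructed common-log-format lines; the encoded path is the one quoted above.
SAMPLE_LOG = [
    '203.0.113.5 - - [15/Sep/2009:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '203.0.113.5 - - [15/Sep/2009:10:00:02 +0000] "GET /scripts HTTP/1.1" 404 0',
    '203.0.113.5 - - [15/Sep/2009:10:00:03 +0000] "GET /scripts/%bg%ae%bg%ae/.exe HTTP/1.1" 200 2048',
    '203.0.113.5 - - [15/Sep/2009:10:00:04 +0000] "GET /scripts/./ HTTP/1.1" 200 2048',
]
```

The naive check answers 404 only for "/scripts" itself, while the hardened check rejects the malformed escape outright and maps "/scripts/./" or "/SCRIPTS/x/../" back to the protected directory.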
Kolibri+ Webserver 2 Multiple Vulnerabilities
Kolibri+ Webserver 2 suffers from multiple vulnerabilities, namely Directory Traversal and Denial of Service. The vulnerabilities were reported on 6 September 2009 by Xc0re Security Research Group.
http://xc0re.net/index.php?p=1_19_Kolibri+-Webserver-2-multiple-vulnerabilities
An attacker can easily crash the server, or send a crafted HTTP request to escape the document root and view any file, even outside the root directory.