WebWasher Classic 2.2/2.3 - HTTP CONNECT Unauthorized Access

EDB-ID:

25066

CVE:

2005-0316

EDB Verified:

Author:

Oliver Karow

Type:

remote

Exploit:   /  

Platform:

Multiple

Date:

2005-01-28

Vulnerable App: 
source: https://www.securityfocus.com/bid/12394/info

It is reported that WebWasher Classic is prone to a weakness that may allow remote attackers to connect to arbitrary ports on a vulnerable computer.

This weakness may be combined with other attacks to exploit latent vulnerabilities. An attacker can bypass access controls implemented by the application through this attack.

WebWasher Classic 3.3 and 2.2.1 are reported prone to this weakness. Other versions may be affected as well. 

The following proof of concept is available:
1) Start a netcat listener on the WebWasher system:
netcat -L -p 99 -s 127.0.0.1 < hallo.txt
2) Connect to the WebWasher proxy port (default 8080/tcp)
3) Enter command "CONNECT 127.0.0.1:99 HTTP/1.0"

As a result, content of hallo.txt will appear.
Tags:
Advisory/Source: Link
Databases Links Sites Solutions
Exploits Search Exploit-DB OffSec Courses and Certifications
Google Hacking Submit Entry Kali Linux Learn Subscriptions
Papers SearchSploit Manual VulnHub OffSec Cyber Range
Shellcodes Exploit Statistics Proving Grounds
Penetration Testing Services
Exploits Google Hacking Papers Shellcodes
Search Exploit-DB Submit Entry SearchSploit Manual Exploit Statistics
OffSec Kali Linux VulnHub
Courses and Certifications Learn Subscriptions OffSec Cyber Range Proving Grounds Penetration Testing Services