FlexWATCH 3.0 - 'AIndex.asp' Authentication Bypass

EDB-ID:

28208




Platform:

ASP

Date:

2006-07-12


Become a Certified Penetration Tester

Enroll in Advanced Web Attacks and Exploitation , the course required to become an Offensive Security Web Expert (OSWE)

GET CERTIFIED

source: https://www.securityfocus.com/bid/18948/info

FlexWatch is prone to an authorization-bypass vulnerability. This issue is due to a failure in the application to properly verify user-supplied input.

An attacker can exploit this issue to bypass the authorization mechanism. This allows the attacker to gain unauthorized access to the surveillance system.

Versions 3.0 and prior are affected.

An attacker can bypass the protection of protected pages using /..%2f and access to administrative area: Network Camera V3.0: http:www.exampe.com//camera/..%2fadmin/aindex.asp Networks Camera Prior versions: http://www.example.com/camera/app/..%2fadmin/aindex.htm