BRS Webweaver 1.33 - '/Scripts' Access Restriction Bypass

EDB-ID:

9676

CVE:

N/A

EDB Verified:

Author:

Usman Saeed

Type:

remote

Exploit:   /  

Platform:

Windows

Date:

2009-09-15

Vulnerable App: 
###########################################################################################
#
#   Name    :   BSR Webweaver Version 1.33 /Scripts access restriction bypass vulnerbility
#   Author  :   Usman Saeed
#   Company :   Xc0re Security Reasearch Group
#   Date    :   15/09/09
#   Homepage :  http://www.xc0re.net
#
###########################################################################################


[*] Download Page : http://www.brswebweaver.com/downloads.html


[*] Attack type : Remote


[*] Patch Status : Unpatched



[*] Description  : In ISAPI/CGI path is [%installdirectory%/scripts] and
through HTTP the alias is [http://[host]/scripts] ,

The access security check is that if the attacker tries to access /scripts
a 404 Error response occurs ! Now to bypass and

check the directory listing [That is if Directory Browsing is allowed in
the server Configuration !] just copy and paste the

exploit url !.

This is the reason this exploit is not called a Directory Listing Exploit !



[*] Exploitation :


        [+] http://127.0.0.1/scripts/%bg%ae%bg%ae/.exe

# milw0rm.com [2009-09-15]
Tags:
Advisory/Source: Link
Databases Links Sites Solutions
Exploits Search Exploit-DB OffSec Courses and Certifications
Google Hacking Submit Entry Kali Linux Learn Subscriptions
Papers SearchSploit Manual VulnHub OffSec Cyber Range
Shellcodes Exploit Statistics Proving Grounds
Penetration Testing Services
Exploits Google Hacking Papers Shellcodes
Search Exploit-DB Submit Entry SearchSploit Manual Exploit Statistics
OffSec Kali Linux VulnHub
Courses and Certifications Learn Subscriptions OffSec Cyber Range Proving Grounds Penetration Testing Services