header-logo
Suggest Exploit
vendor:
BPM Studio Pro
by:
SecurityFocus
7.5
CVSS
HIGH
Directory Traversal
22
CWE
Product Name: BPM Studio Pro
Affected Version From: 4.2
Affected Version To: 4.2
Patch Exists: NO
Related CWE: N/A
CPE: a:bpm_studio_pro:bpm_studio_pro
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Microsoft Windows
2002

BPM Studio Pro HTTPD Directory Traversal Vulnerability

BPM Studio Pro is a shareware MP3 mixer and player. It includes a HTTP server for managing the player via a web interface. The BPM Studio Pro HTTPD does not adequately filter dot-dot-slash (../) sequences from web requests. As a result, it is possible for a remote attacker to break out of wwwroot and browse the filesystem of the host. This may lead to disclosure of sensitive information as the remote attacker may display arbitrary web-readable files.

Mitigation:

Ensure that the HTTPD implementation is not enabled by default and that all requests are properly filtered.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/4198/info

BPM Studio Pro is a shareware MP3 mixer and player. It runs on Microsoft Windows operating systems. BPM Studio Pro includes a HTTP server for managing the player via a web interface.

The BPM Studio Pro HTTPD does not adequately filter dot-dot-slash (../) sequences from web requests. As a result, it is possible for a remote attacker to break out of wwwroot and browse the filesystem of the host. This may lead to disclosure of sensitive information as the remote attacker may display arbitrary web-readable files.

This is compounded by the fact that webservers on Microsoft Windows systems are normally run with SYSTEM privileges.

This issue reportedly affects BPM Studio Pro 4.2. Earlier versions may also be affected. It also should be noted that the HTTPD implementation is not enabled by default. 


http://BPM-HOST/../../../../autoexec.bat

Navigation

Suggest Exploit

Services By CQR