BPM Studio Pro HTTPD Directory Traversal Vulnerability

vendor:

BPM Studio Pro

by:

SecurityFocus

7.5

CVSS

HIGH

Directory Traversal

CWE

Product Name: BPM Studio Pro

Affected Version From: 4.2

Affected Version To: 4.2

Patch Exists: NO

Related CWE: N/A

CPE: a:bpm_studio_pro:bpm_studio_pro

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Microsoft Windows

2002

BPM Studio Pro HTTPD Directory Traversal Vulnerability

BPM Studio Pro is a shareware MP3 mixer and player. It includes a HTTP server for managing the player via a web interface. The BPM Studio Pro HTTPD does not adequately filter dot-dot-slash (../) sequences from web requests. As a result, it is possible for a remote attacker to break out of wwwroot and browse the filesystem of the host. This may lead to disclosure of sensitive information as the remote attacker may display arbitrary web-readable files.

Mitigation:

Ensure that the HTTPD implementation is not enabled by default and that all requests are properly filtered.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/4198/info

BPM Studio Pro is a shareware MP3 mixer and player. It runs on Microsoft Windows operating systems. BPM Studio Pro includes a HTTP server for managing the player via a web interface.

The BPM Studio Pro HTTPD does not adequately filter dot-dot-slash (../) sequences from web requests. As a result, it is possible for a remote attacker to break out of wwwroot and browse the filesystem of the host. This may lead to disclosure of sensitive information as the remote attacker may display arbitrary web-readable files.

This is compounded by the fact that webservers on Microsoft Windows systems are normally run with SYSTEM privileges.

This issue reportedly affects BPM Studio Pro 4.2. Earlier versions may also be affected. It also should be noted that the HTTPD implementation is not enabled by default. 


http://BPM-HOST/../../../../autoexec.bat