header-logo
Suggest Exploit
vendor:
BSR Webweaver
by:
Usman Saeed
7.5
CVSS
HIGH
Directory Listing Bypass
22
CWE
Product Name: BSR Webweaver
Affected Version From: 1.33
Affected Version To: 1.33
Patch Exists: NO
Related CWE: N/A
CPE: a:brs_webweaver:bsr_webweaver
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

BSR Webweaver Version 1.33 /Scripts access restriction bypass vulnerbility

In ISAPI/CGI path is [%installdirectory%/scripts] and through HTTP the alias is [http://[host]/scripts], The access security check is that if the attacker tries to access /scripts a 404 Error response occurs ! Now to bypass and check the directory listing [That is if Directory Browsing is allowed in the server Configuration !] just copy and paste the exploit url !.

Mitigation:

Ensure that directory browsing is disabled on the server.
Source

Exploit-DB raw data:

###########################################################################################
#
#   Name    :   BSR Webweaver Version 1.33 /Scripts access restriction bypass vulnerbility
#   Author  :   Usman Saeed
#   Company :   Xc0re Security Reasearch Group
#   Date    :   15/09/09
#   Homepage :  http://www.xc0re.net
#
###########################################################################################


[*] Download Page : http://www.brswebweaver.com/downloads.html


[*] Attack type : Remote


[*] Patch Status : Unpatched



[*] Description  : In ISAPI/CGI path is [%installdirectory%/scripts] and
through HTTP the alias is [http://[host]/scripts] ,

The access security check is that if the attacker tries to access /scripts
a 404 Error response occurs ! Now to bypass and

check the directory listing [That is if Directory Browsing is allowed in
the server Configuration !] just copy and paste the

exploit url !.

This is the reason this exploit is not called a Directory Listing Exploit !



[*] Exploitation :


        [+] http://127.0.0.1/scripts/%bg%ae%bg%ae/.exe

# milw0rm.com [2009-09-15]

Navigation

Suggest Exploit

Services By CQR