FlexWatch 3.0 AIndex.ASP Authorization Bypass Vulnerability

2006-07-12T00:00:00
ID EDB-ID:28208
Type exploitdb
Reporter Jaime Blasco
Modified 2006-07-12T00:00:00

Description

FlexWatch 3.0 AIndex.ASP Authorization Bypass Vulnerability. CVE-2006-3604. Webapps exploit for asp platform

                                        
                                            source: http://www.securityfocus.com/bid/18948/info

FlexWatch is prone to an authorization-bypass vulnerability. This issue is due to a failure in the application to properly verify user-supplied input.

An attacker can exploit this issue to bypass the authorization mechanism. This allows the attacker to gain unauthorized access to the surveillance system.

Versions 3.0 and prior are affected.

An attacker can bypass the protection of protected pages using /..%2f and access to administrative area: Network Camera V3.0: http:www.exampe.com//camera/..%2fadmin/aindex.asp Networks Camera Prior versions: http://www.example.com/camera/app/..%2fadmin/aindex.htm