Exploit FlexWATCH 3.0 - 'AIndex.asp' Authentication Bypass

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
28208
Проверка EDB
  1. Пройдено
Автор
JAIME BLASCO
Тип уязвимости
WEBAPPS
Платформа
ASP
CVE
cve-2006-3604
Дата публикации
2006-07-12
Код:
source: https://www.securityfocus.com/bid/18948/info

FlexWatch is prone to an authorization-bypass vulnerability. This issue is due to a failure in the application to properly verify user-supplied input.

An attacker can exploit this issue to bypass the authorization mechanism. This allows the attacker to gain unauthorized access to the surveillance system.

Versions 3.0 and prior are affected.

An attacker can bypass the protection of protected pages using /..%2f and access to administrative area: Network Camera V3.0: http:www.exampe.com//camera/..%2fadmin/aindex.asp Networks Camera Prior versions: http://www.example.com/camera/app/..%2fadmin/aindex.htm
 
Источник
www.exploit-db.com

Похожие темы