###########################################################################################
#
# Name     : BRS Webweaver Version 1.33 /Scripts access restriction bypass vulnerability
# Author   : Usman Saeed
# Company  : Xc0re Security Research Group
# Date     : 15/09/09
# Homepage : http://www.xc0re.net
#
###########################################################################################

[*] Download Page : http://www.brswebweaver.com/downloads.html

[*] Attack type : Remote

[*] Patch Status : Unpatched

[*] Description : The ISAPI/CGI path is [%installdirectory%/scripts], and over HTTP its alias is [http://[host]/scripts]. The access security check is that if an attacker tries to access /scripts, a 404 error response occurs. To bypass the check and view the directory listing (only if Directory Browsing is allowed in the server configuration), request the exploit URL below. This is why the exploit is not called a Directory Listing Exploit.

[*] Exploitation :

[+] http://127.0.0.1/scripts/%bg%ae%bg%ae/.exe
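
[*] Detection (added example, not part of the original advisory) : A log check for the request shape shown above: it flags requests under the /scripts alias whose path carries a malformed percent-escape such as %bg, and records whether the server answered with something other than the expected 404. The Common Log Format layout, the sample lines and the function names are assumptions made for this example.

```python
import re

# Constructed sample access-log lines (Common Log Format assumed), not from the advisory.
SAMPLE_LOG = """\
192.0.2.10 - - [15/Sep/2009:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 1043
192.0.2.10 - - [15/Sep/2009:10:00:05 +0000] "GET /scripts HTTP/1.1" 404 210
192.0.2.44 - - [15/Sep/2009:10:02:13 +0000] "GET /scripts/%bg%ae%bg%ae/.exe HTTP/1.1" 200 5120
192.0.2.51 - - [15/Sep/2009:10:03:40 +0000] "GET /docs/a%20b.html HTTP/1.1" 200 880
192.0.2.44 - - [15/Sep/2009:10:04:02 +0000] "GET /SCRIPTS/%zz/ HTTP/1.1" 404 210
"""

# client, method, raw request path, status code
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \S+$')
# A '%' that is not followed by two hex digits is not a valid URL escape.
BAD_ESCAPE_RE = re.compile(r'%(?![0-9A-Fa-f]{2})')
PROTECTED_ALIAS = "/scripts"  # HTTP alias named in the advisory


def under_alias(path):
    """True if the raw request path is the protected alias or lies below it."""
    p = path.split("?", 1)[0].lower()
    return p == PROTECTED_ALIAS or p.startswith(PROTECTED_ALIAS + "/")


def scan(log_text):
    """Return (client, path, status, served) for suspicious requests.

    served is True when the response was not the 404 the advisory says
    the access check normally returns for /scripts.
    """
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        client, path, status = m.group(1), m.group(3), int(m.group(4))
        if under_alias(path) and BAD_ESCAPE_RE.search(path):
            findings.append((client, path, status, status != 404))
    return findings


if __name__ == "__main__":
    for client, path, status, served in scan(SAMPLE_LOG):
        label = "SERVED" if served else "blocked"
        print(f"{label:8} {client} {status} {path}")
```

The match runs on the raw, undecoded request path, so the web server's access log must record the URL as received.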