Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Web :: Servers :: axis1.htm

Axis 700 Network Scanner (Software Version 1.12) - Get Admin URLs without logon!



Vulnerability

    Axis 700 Network Scanner

Affected

    Axis 700 Network Scanner (Software Version 1.12)

Description

    Ian  Vitek  posted   following  (Infosec  Security   Vulnerability
    Report).  By modifying an URL, outsiders can access  administrator
    URLs  without   entering  username   and  password.    Threat   is
    unauthorized access.

    User pages are located under

        http://server/user/

    The URL to the configuration page is:

        http://server/admin/this_axis700/this_axis700.shtml

    This page is password  protected.  The actual  configuration takes
    place on the pages linked from this page.  By changing the URL to:

        http://server/user/../admin/this_axis700/this_axis700.shtml

    gives  an  outsider  access  to  the  configuration  page  without
    entering username and password.  The server seems to check  access
    permissions before URL conversion.  The server also decodes %1u to
    %2e (not a vulnerability).

Solution

    Version 1.14  should fix  this vulnerability.   Infosec recommends
    everyone to try to access their authorized pages with URLs as:

        http://server/NonPrivPage/../PrivPage/


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH