Vulnerability
BroadVision
Affected
BroadVision One-To-One Enterprise (Maybe all versions)
Description
Ben Jurry found the following. BroadVision One-To-One Enterprise is
architected from the ground up using open industry standards, is
inherently distributable, and is easily tailored to fit unique
business needs. The key benefits of Java technologies -- ease of
programming, interoperability and connectivity -- are core to
BroadVision's product philosophy. Many websites use this
software, including GE Supply.
BroadVision One-To-One Enterprise contains a vulnerability that
reveals server information. When a non-existent file is requested, the
server reveals the physical path of server files, as follows:
"Script /appl/bv1to1/bv1to1_var/script-root/login/benjurry.jsp failed, reason unknown "
Exploit:
http://target/benjurry.jsp
Script /appl/bv1to1/bv1to1_var/script-root/login/benjurry.jsp failed, reason unknown
Solution
Nothing yet.
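Added example (not part of the original advisory and not BroadVision code): a Python response filter, such as a reverse proxy or a response audit could apply, that recognizes the error format quoted above, reports the server directory it exposes, and rewrites the message to show only the requested URL path. The names find_leak and sanitize and the idea of filtering in front of the server are assumptions.

```python
import re
from typing import NamedTuple, Optional

# Error format quoted in the advisory: "Script <path> failed, reason unknown"
BV_ERROR = re.compile(r"Script\s+(?P<path>\S+)\s+failed, reason unknown")


class Leak(NamedTuple):
    full_path: str       # physical path as printed in the response
    exposed_prefix: str  # server directory that the URL alone did not reveal


def find_leak(request_path: str, body: str) -> Optional[Leak]:
    """Return the physical path disclosed in an error body, or None."""
    m = BV_ERROR.search(body)
    if m is None:
        return None
    full = m.group("path")
    # Only absolute paths (Unix, or Windows drive letter) count as disclosure.
    if not (full.startswith("/") or re.match(r"[A-Za-z]:[\\/]", full)):
        return None
    norm = full.replace("\\", "/")
    if request_path and norm.endswith(request_path):
        prefix = norm[: -len(request_path)]   # strip the part the client sent
    else:
        prefix = norm.rsplit("/", 1)[0]       # fall back to the directory
    prefix = prefix.rstrip("/")
    # An empty prefix means the message only echoes the URL path: no leak.
    return Leak(full, prefix) if prefix else None


def sanitize(request_path: str, body: str) -> str:
    """Replace the disclosed physical path with the requested URL path."""
    leak = find_leak(request_path, body)
    if leak is None:
        return body
    return body.replace(leak.full_path, request_path)


if __name__ == "__main__":
    # Response text taken from the advisory; the request path is the one it shows.
    body = ("Script /appl/bv1to1/bv1to1_var/script-root/login/benjurry.jsp "
            "failed, reason unknown ")
    print(find_leak("/benjurry.jsp", body))
    print(sanitize("/benjurry.jsp", body))
```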