Skip to content
cyberexploits
webappphptext

Netsweeper 4.0.8 - Authentication Bypass

Netsweeper 4.0.8 - Authentication Bypass

Published on 2015-08-21

Source code

Pinned to commit 7eac4c3a2ce5
textplatforms/php/webapps/37933.txt7eac4c3a
raw
+-----------------------------------------------------------------+

+ Netsweeper 4.0.8 - Authentication Bypass (New Profile Creation) +

+-----------------------------------------------------------------+

Affected Product: Netsweeper

Vendor Homepage : www.netsweeper.com

Version 	: 4.0.8 (and probably other versions)

Discovered by  	: Anastasios Monachos (secuid0) - [anastasiosm (at) gmail (dot) com]

Patched      	: Yes

CVE		: CVE-2014-9618



+---------------------+

+ Product Description +

+---------------------+

Netsweeper is a software solution specialized in content filtering.



+----------------------+

+ Exploitation Details +

+----------------------+

Netsweeper's 4.0.8 (and probably other versions) Client Filter Admin portal can be reached at http://netsweeper/webadmin/clientlogin/ and a username/password combination is required to Add a Profile, by setting the "action" parameter to "showdeny" it will force the admin interface to load and subsequently allow any non-authenticated user to create a new profile.



URL Path: http://netsweeper/webadmin/clientlogin/?srid=&action=showdeny&url=



+----------+

+ Solution +

+----------+

Upgrade to latest version.



+---------------------+

+ Disclosure Timeline +

+---------------------+

24-Nov-2014: Initial Communication

03-Dec-2014: Netsweeper responded

03-Dec-2014: Shared full details to replicate the issue

10-Dec-2014: Netsweeper fixed the issue in releases 3.1.10, 4.0.9, 4.1.2

17-Dec-2014: New releases 3.1.10, 4.0.9, 4.1.2 made available to the public

18-Dec-2014: Confirm fix

17-Jan-2015: CVE assigned CVE-2014-9618

11-Aug-2015: Public disclosure

View on GitHub