CVE-2004-0465

WebConnect <6.5-6.4.4 - Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-0465. PoCs published by karak0rsan.

AI-analyzed exploit summary This exploit targets WebConnect versions 6.4.4 to 6.5 by sending multiple HTTP requests to access sensitive files (e.g., boot.ini) via directory traversal. It also attempts to trigger a DoS by flooding the server with requests to COM ports.

Description

Directory traversal vulnerability in jretest.html in WebConnect 6.5 and 6.4.4, and possibly earlier versions, allows remote attackers to read keys within arbitrary INI formatted files via "..//" sequences in the WCP_USER parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by karak0rsan · perldosmultiple

https://www.exploit-db.com/exploits/838

View Code ZIP pw:eip

This exploit targets WebConnect versions 6.4.4 to 6.5 by sending multiple HTTP requests to access sensitive files (e.g., boot.ini) via directory traversal. It also attempts to trigger a DoS by flooding the server with requests to COM ports.

Classification

Working Poc 90%

Attack Type

Info Leak | Dos

Complexity

Trivial

Reliability

Reliable

Target: WebConnect 6.4.4 - 6.5

No auth needed

Prerequisites: Network access to the target server

MITRE ATT&CK