CVE-2007-2048

webMethods Glue <= 6.5.1 - Directory Traversal via Resource Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-2048. PoCs published by Patrick Webster.

AI-analyzed exploit summary This exploit demonstrates a directory traversal vulnerability in webMethods Glue 6.5.1, allowing attackers to retrieve arbitrary files by manipulating the 'resource' parameter in the URL. The PoC provides example URLs to access sensitive files like 'boot.ini'.

Description

Directory traversal vulnerability in /console in the Management Console in webMethods Glue 6.5.1 and earlier allows remote attackers to read arbitrary system files via a .. (dot dot) in the resource parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Patrick Webster · textremotewindows

https://www.exploit-db.com/exploits/29843

View Code ZIP pw:eip

This exploit demonstrates a directory traversal vulnerability in webMethods Glue 6.5.1, allowing attackers to retrieve arbitrary files by manipulating the 'resource' parameter in the URL. The PoC provides example URLs to access sensitive files like 'boot.ini'.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: webMethods Glue 6.5.1

No auth needed

Prerequisites: Network access to the vulnerable application

MITRE ATT&CK