CVE-2007-4385
OWASP Stinger < 2.4 - Input Validation Bypass via Multipart Encoding
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2007-4385. PoCs published by Meder Kydyraliev.
AI-analyzed exploit summary
This Java-based exploit demonstrates a filter-bypass vulnerability in OWASP Stinger by converting URL-encoded POST requests to multipart requests, allowing attackers to bypass the filter. It leverages the BeanShell scripting environment within WebScarab to manipulate HTTP requests.
Description
OWASP Stinger before 2.5 allows remote attackers to bypass input validation routines by using multipart encoded requests instead of form-urlencoded requests. NOTE: this might be used to expose vulnerabilities in applications that would otherwise be protected by the validation routines.
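The gap described above, modeled in Python as an added example; it is not Stinger's code or the published PoC. The allow-list rule, function names and sample requests are constructed for illustration: `naive_validate` applies its rule only to form-urlencoded bodies, while `strict_validate` parses both encodings and fails closed on anything else.

```python
import re
from email.parser import BytesParser
from urllib.parse import parse_qsl

SAFE = re.compile(r"[A-Za-z0-9 _.-]{0,64}")  # constructed allow-list rule

def urlencoded_params(body):
    return parse_qsl(body.decode("utf-8"), keep_blank_values=True)

def multipart_params(content_type, body):
    # Reuse the stdlib MIME parser by prepending the request's Content-Type.
    head = b"Content-Type: " + content_type.encode("ascii") + b"\r\n\r\n"
    msg = BytesParser().parsebytes(head + body)
    if not msg.is_multipart():
        raise ValueError("malformed multipart body")
    return [(p.get_param("name", header="content-disposition"),
             p.get_payload(decode=True).decode("utf-8"))
            for p in msg.get_payload()]

def naive_validate(content_type, body):
    """Simplified model of the flaw: only one encoding is inspected."""
    if content_type.startswith("application/x-www-form-urlencoded"):
        return all(SAFE.fullmatch(v) for _, v in urlencoded_params(body))
    return True  # every other encoding reaches the application unchecked

def strict_validate(content_type, body):
    """Same rule applied to every accepted encoding; unknown ones are rejected."""
    media = content_type.split(";")[0].strip().lower()
    try:
        if media == "application/x-www-form-urlencoded":
            params = urlencoded_params(body)
        elif media == "multipart/form-data":
            params = multipart_params(content_type, body)
        else:
            return False  # fail closed on encodings the filter cannot parse
    except (ValueError, AttributeError):
        return False      # undecodable or malformed body
    return all(n is not None and SAFE.fullmatch(v) for n, v in params)

def multipart_body(name, value, boundary="XbOuNdArY"):
    # Builds a constructed one-field multipart/form-data body.
    return (f'--{boundary}\r\nContent-Disposition: form-data; name="{name}"'
            f"\r\n\r\n{value}\r\n--{boundary}--\r\n").encode("utf-8")

FORM_CT = "application/x-www-form-urlencoded"
MULTI_CT = "multipart/form-data; boundary=XbOuNdArY"
FORM_BAD = b"comment=%3Cb%3Ehi%3C%2Fb%3E"          # constructed sample
MULTI_BAD = multipart_body("comment", "<b>hi</b>")  # same value, re-encoded
MULTI_OK = multipart_body("comment", "hello world")
```

The same disallowed value is rejected by `naive_validate` when form-urlencoded and accepted when sent as multipart; `strict_validate` rejects it in both forms.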