CVE-2007-6314

BarracudaDrive Web Server <3.8 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-6314.

AI-analyzed exploit summary The exploit demonstrates multiple vulnerabilities in BarracudaDrive Web Server, including directory traversal, script source visualization, arbitrary file deletion, NULL pointer crash, and HTML injection. It provides specific HTTP requests to exploit these vulnerabilities.

Description

BarracudaDrive Web Server before 3.8 allows remote attackers to read the source code for web scripts by appending a (1) + (plus), (2) . (dot), or (3) %80 and similar characters to the file name in the URL.

Exploits (1)

exploitdb WORKING POC

remotewindows

https://www.exploit-db.com/exploits/4713

View Code ZIP pw:eip

The exploit demonstrates multiple vulnerabilities in BarracudaDrive Web Server, including directory traversal, script source visualization, arbitrary file deletion, NULL pointer crash, and HTML injection. It provides specific HTTP requests to exploit these vulnerabilities.

Classification

Working Poc 100%

Attack Type

Other

Complexity

Trivial

Reliability

Reliable

Target: BarracudaDrive Web Server <= 3.7.2

Auth required

Prerequisites: Network access to the target server · Valid user credentials for authenticated exploits

MITRE ATT&CK