CVE-2007-6316

BarracudaDrive Web Server < 3.8 - Cross-Site Scripting via URI Path in Log Trace Page

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-6316.

AI-analyzed exploit summary The exploit demonstrates multiple vulnerabilities in BarracudaDrive Web Server, including directory traversal, script source visualization, arbitrary file deletion, NULL pointer crash, and HTML injection. It provides specific HTTP requests to exploit these issues.

Description

Cross-site scripting (XSS) vulnerability in BarracudaDrive Web Server before 3.8 allows remote attackers to inject arbitrary web script or HTML via the URI path in an HTTP GET request, which is activated by administrators viewing log files via the Trace page.

Exploits (1)

exploitdb WORKING POC

remotewindows

https://www.exploit-db.com/exploits/4713

View Code ZIP pw:eip

The exploit demonstrates multiple vulnerabilities in BarracudaDrive Web Server, including directory traversal, script source visualization, arbitrary file deletion, NULL pointer crash, and HTML injection. It provides specific HTTP requests to exploit these issues.

Classification

Working Poc 95%

Attack Type

Other

Complexity

Trivial

Reliability

Reliable

Target: BarracudaDrive Web Server <= 3.7.2

Auth required

Prerequisites: Network access to the target server · Valid user credentials for certain exploits

MITRE ATT&CK