CVE-2012-1464

NetMechanica NetDecision < 4.5.1 - Information Disclosure via Trailing Question Mark

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-1464. PoCs published by SecPod Research.

AI-analyzed exploit summary This exploit demonstrates an information disclosure vulnerability in Netmechanica NetDecision Dashboard Server version 1.0 by sending a malformed HTTP GET request with a '?' character, which reveals the physical path of the web script directory.

Description

Dashboard Server for NetMechanica NetDecision before 4.6.1 allows remote attackers to obtain the installation path via a request with a trailing "?" character, which causes Dashboard to attempt to access a non-existent resource. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WORKING POC VERIFIED

by SecPod Research · pythonremotewindows

https://www.exploit-db.com/exploits/18543

View Code ZIP pw:eip

This exploit demonstrates an information disclosure vulnerability in Netmechanica NetDecision Dashboard Server version 1.0 by sending a malformed HTTP GET request with a '?' character, which reveals the physical path of the web script directory.

Classification

Working Poc 100%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Netmechanica NetDecision Dashboard Server version 1.0

No auth needed

Prerequisites: Network access to the target server on port 8090

MITRE ATT&CK