HelloWeb Arbitrary File Download Vulnerability
Vulnerability
An arbitrary file download vulnerability has been identified in HelloWeb version 2.0 and possibly in earlier versions. This vulnerability allows remote attackers to download sensitive system files by manipulating the 'filepath' and 'filename' parameters. Exploitation involves sending crafted GET requests to 'download.asp', using directory traversal techniques to access confidential configuration and system files.
Impact
Exploitation of this vulnerability could lead to unauthorized access to sensitive system files, including configuration files that may contain critical information such as database credentials or application secrets.
Reproduction
To reproduce this vulnerability, send a GET request to 'download.asp' with crafted 'filepath' and 'filename' parameters. The 'filepath' parameter can be manipulated to traverse directories and access files outside the intended directory. For example, setting 'filepath' to '/' and 'filename' to 'web.config' would download the 'web.config' file, which may contain sensitive configuration information.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.