eXtplorer v2.1 authentication bypass vulnerability
eXtplorer versions 2.1.2, 2.1.1, 2.1.0 and 2.1.0RC5 allow an unauthenticated user to bypass authentication and execute arbitrary files as the webserver user.
This vulnerability is only exploitable when eXtplorer is run as a standalone application. This issue has been patched in eXtplorer version 2.1.3.
Software
Software Link: http://extplorer.net/
Vulnerable Versions: 2.1.2, 2.1.1, 2.1.0 and v2.1.0RC5
Vendor Notification:
# 2012-12-25 - submitted bug report - bug id #105
# 2012-12-25 - vendor released patched version 2.1.3
# 2012-12-31 - advisory released
# 0x01 # Authentication Bypass
Sending a valid username with an empty password array allows anyone to log in as that user.
The following proof of concept is available:
An exploit is available here: https://github.com/rapid7/metasploit-framework/pull/1221