Netmechanica NetDecision Dashboard Server Information Disclosure Vulnerability

SecPod Research Team member Prabhu S Angadi has found an information disclosure vulnerability in Netmechanica NetDecision Dashboard Server. The vulnerability is caused by improper validation of malicious HTTP requests to the Dashboard server that have a ‘?’ character appended. The server's response to such a request discloses the physical path of the Dashboard server's web script.

POC : Download here.

More information can be found here.

CVE Info : CVE-2012-1464
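
For defenders, a minimal triage check over captured request/response pairs (for example from a reverse proxy in front of the Dashboard server) is sketched below. It is an added example, not SecPod's PoC or vendor code. The path patterns, function names and sample records are assumptions constructed for illustration, since the advisory does not show the leaked path format, and the Unix pattern goes beyond the case described here.

```python
import re
from urllib.parse import urlsplit

# Assumed patterns for an absolute filesystem path in a response body.
# Segments stop at whitespace, so a path containing spaces is matched only
# up to the first space, which is still enough to flag the response.
WINDOWS_PATH = re.compile(r'(?<![A-Za-z])[A-Za-z]:\\[^\s:*?"<>|]+')
UNIX_PATH = re.compile(r"(?<![\w/.])/(?:var|srv|opt|home|usr|etc)/[\w./-]+")


def has_bare_query(request_target):
    """True when the request target ends in '?' with an empty query string."""
    return request_target.endswith("?") and urlsplit(request_target).query == ""


def leaked_paths(body):
    """Return every absolute filesystem path found in a response body."""
    return WINDOWS_PATH.findall(body) + UNIX_PATH.findall(body)


def triage(records):
    """records: iterable of (request_target, response_body) pairs.

    Returns one finding per response that exposes a filesystem path and notes
    whether the request had the bare '?' suffix the advisory describes.
    """
    findings = []
    for target, body in records:
        paths = leaked_paths(body)
        if paths:
            findings.append({
                "target": target,
                "bare_query": has_bare_query(target),
                "paths": paths,
            })
    return findings


# Constructed sample records (hypothetical URLs and paths, not real server output).
SAMPLE_RECORDS = [
    ("/example-page?",
     "<html><body>Script error in C:\\example\\webroot\\example-page.ext</body></html>"),
    ("/example-page", "<html><body>OK</body></html>"),
    ("/example-page?id=1", "<html><body>OK</body></html>"),
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_RECORDS):
        print(finding)
```

The same `leaked_paths` check can serve as a regression test after applying a fix: replay the affected requests and confirm that no response body contains a filesystem path.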

We welcome any feedback or suggestions.

Cheers!
SecPod Research Team