Message-ID: <004101c3e113$a088e460$0b3016ac@fucku>
Date: Thu, 22 Jan 2004 20:14:50 +0200
From: "Rafel Ivgi, The-Insider" <theinsider@....net.il>
To: "bugtraq" <bugtraq@...urityfocus.com>
Cc: "securitytracker" <bugs@...uritytracker.com>
Subject: NetBus Pro Web Server Directory Listing And Remote File Upload
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Software: NetBus Web Server
Vendor: http://ultraaccess.net/
Versions: Pro
Platforms: Unix
Bug: Directory Listing And Remote File Upload
Risk: High
Exploitation: Remote with browser
Date: 22 Jan 2004
Author: Rafel Ivgi, The-Insider
e-mail: the_insider@...l.com
web: http://theinsider.deep-ice.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1) Introduction
2) Bug
3) The Code
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
===============
1) Introduction
===============
NetBus Pro is a "Trojan Horse". It is a virus that opens a port and listens
until an attacker connects to that port and does whatever he wishes on
the machine. If a password is set and the default port number is changed,
it can be used as remote control software.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
======
2) Bug
======
Although NetBus Pro is a virus, it has a web server built in.
If an attacker connects to the server he gets a default page, with
no special links or options.
However, requesting:
http://<host>//
or
http://<host>/./
will show the root path directory listing and a file upload function.
This allows anyone to download local files, upload anything and possibly
take over the machine.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
===========
3) The Code
===========
http://<host>//
http://<host>/./
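The advisory describes a path-normalization bug: the server treats "/", "//" and "/./" as three different request paths even though the filesystem resolves all three to the same root directory, so only the first one reaches the default page. The following is an added example, not NetBus code and not a reconstruction of any real handler: it models that bug class in a few lines, shows the hardened routing (decode, canonicalize, reject anything the client did not send in canonical form), and runs a small detector over constructed access-log lines. The routing table, the function names and the log lines are assumptions; only the two request paths come from the advisory.

```python
"""Path-normalization bypass: a model of the bug class and its mitigation.

Added example; it is not NetBus code and does not reproduce any real
handler.  The two request paths come from the advisory; the routing
logic, function names and the access-log lines are assumed/constructed.
"""
from __future__ import annotations

import posixpath
import re
from typing import Optional
from urllib.parse import unquote

# Hypothetical routing table: only the default page is meant to be served.
PUBLIC_ROUTES = {"/": "default-page"}


def route_naive(raw_path: str) -> str:
    """Vulnerable model (assumed, not NetBus's real code).

    The raw path string is compared to the routing table.  '/' matches and
    gets the default page; '//' and '/./' do not match and fall through to
    a generic filesystem handler, even though the OS resolves all three to
    the same root directory.
    """
    return PUBLIC_ROUTES.get(raw_path, "directory-listing+upload")


def decoded_path(raw_path: str) -> str:
    """Path component of an origin-form request target, percent-decoded."""
    return unquote(raw_path.split("?", 1)[0])


def canonical_path(raw_path: str) -> Optional[str]:
    """Canonical form of the request path, or None if it must be rejected.

    Decode first, then normalize: '//' and '/./' collapse to '/', and
    '..' components are resolved against the root by posixpath.normpath.
    """
    path = decoded_path(raw_path)
    if not path.startswith("/"):
        return None  # relative targets are not served at all
    norm = posixpath.normpath(path)
    # normpath preserves a leading '//' (POSIX lets it be special); squash it.
    return "/" + norm.lstrip("/")


def is_canonical(raw_path: str) -> bool:
    """True only if the client sent the path exactly in canonical form."""
    canon = canonical_path(raw_path)
    return canon is not None and canon == decoded_path(raw_path)


def route_hardened(raw_path: str) -> str:
    """Hardened model: refuse non-canonical paths, then route on the canonical one."""
    if not is_canonical(raw_path):
        # A browser link never produces '//' or '/./'; reject instead of
        # guessing what the client meant, and the rejection shows up in logs.
        return "400-bad-request"
    return PUBLIC_ROUTES.get(canonical_path(raw_path), "404-not-found")


# Constructed access-log lines (Common Log Format); not from the advisory.
SAMPLE_LOG = """\
10.0.0.5 - - [22/Jan/2004:20:14:50 +0200] "GET / HTTP/1.0" 200 512
10.0.0.5 - - [22/Jan/2004:20:14:51 +0200] "GET // HTTP/1.0" 200 4096
10.0.0.5 - - [22/Jan/2004:20:14:52 +0200] "GET /./ HTTP/1.0" 200 4096
10.0.0.7 - - [22/Jan/2004:20:15:00 +0200] "GET /index.html HTTP/1.0" 200 512
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d+)'
)


def find_noncanonical_requests(log_text: str) -> list[tuple[str, str, str, int]]:
    """Detection: flag requests whose path was not sent in canonical form.

    Returns (ip, method, raw_path, status) tuples.  A 200 on such a request
    means the server answered it instead of rejecting it.
    """
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and not is_canonical(m["path"]):
            hits.append((m["ip"], m["method"], m["path"], int(m["status"])))
    return hits


if __name__ == "__main__":
    for p in ("/", "//", "/./"):
        print(f"{p!r:6} naive={route_naive(p):<25} hardened={route_hardened(p)}")
    for hit in find_noncanonical_requests(SAMPLE_LOG):
        print("suspicious:", hit)
```

The hardened router deliberately rejects rather than silently normalizes: a client that sends "//" or "/./" is not following an ordinary link, so a 400 both closes the bypass and leaves a detectable trace, and the same `is_canonical` check doubles as the log-scanning rule. Decoding before normalizing matters, since normalizing the raw string would leave percent-encoded separators for the filesystem to resolve later.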
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
---
Rafel Ivgi, The-Insider
http://theinsider.deep-ice.com
"Things that are unlikeable, are NOT impossible."