lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Thu, 22 Jan 2004 20:14:50 +0200
From: "Rafel Ivgi, The-Insider" <theinsider@....net.il>
To: "bugtraq" <bugtraq@...urityfocus.com>
Cc: "securitytracker" <bugs@...uritytracker.com>
Subject: NetBus Pro Web Server Direcory Listing And Remote File Upload


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Software:        NetBus Web Server
Vendor:           http://ultraaccess.net/
Versions:        Pro
Platforms:       Unix
Bug:                 Direcory Listing And Remote File Upload
Risk:                High
Exploitation:   Remote with browser
Date:               22 Jan 2004
Author:            Rafel Ivgi, The-Insider
e-mail:             the_insider@...l.com
web:                http://theinsider.deep-ice.com

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

1) Introduction
2) Bug
3) The Code

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

===============
1) Introduction
===============

NetBus Pro is a "Trojan Horse". It is a virus that opens a port and listens
until some attacker will connect the port and do what ever he wishes on
the machine. If a password is set and the default port number is changed
it can be used as a remote control software.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

======
2) Bug
======

Although NetBus Pro is a virus, it has a web server built in.
If an attacker connects to the server he gets a default page, with
no special links or options.
However requesting:

http://<host>//
Or
http://<host>/./

Will Show the root path directory listing and a file upload function.
This allows any one to download local files, upload anything and possibly
take over the machine.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

===========
3) The Code
===========

http://<host>//
http://<host>/./

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

--- 
Rafel Ivgi, The-Insider
http://theinsider.deep-ice.com

"Things that are unlikeable, are NOT impossible."

Powered by blists - more mailing lists