lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <1093371257_58061@mail.cableone.net>
Date: Tue, 24 Aug 2004 13:31:24 -0500
From: "GulfTech Security" <security@...ftech.org>
To: <bugtraq@...urityfocus.com>
Subject: Easy File Sharing Webserver v1.25 Vulnerabilities

##########################################################
# GulfTech Security Research	         August, 24th 2004
##########################################################
# Vendor  : EFS Software Inc.
# URL     : http://www.sharing-file.com
# Version : Easy File Sharing Webserver v1.25
# Risk    : Unauthorized System Access && DoS
##########################################################

Description:
Easy File Sharing Web Server is a file sharing software 
that allows visitors to upload/download files easily 
through a Web Browser (IE,Netscape,Opera etc.). It can help 
you share files with your friends and colleagues. They can 
download files from your computer or upload files from 
theirs. They will not be required to install this software 
or any other software because an internet browser is enough. 
Easy File Sharing Web Server also provides a Bulletin Board 
System (Forum). It allows remote users to post messages and 
files to the forum.



Unauthorized System Access:
The authorization function used by EFS Webserver is supposed
to keep just anyone from being able to access your files. But
this is not the case and an attacker has read access to the 
entire hard drive by default.

http://127.0.0.1/disk_c

This url will give an attacker read access to the entire C
drive. The issue is exploited by requesting the name of a
virtual folder on the server. (disk_c is there by default)



Denial of Service:
Easy File Sharing Web Server can be DoS'ed and even remotely
crashed by sending a number of large HTTP requests to the web
server. The CPU usage goes up to 99% and in some cases crash.
Attached is a Proof Of Concept script for this issue.



Solution:
The developers were contacted but never responded to my emails



Related Info:
The original advisory can be found at the following location
http://www.gulftech.org/?node=research&article_id=00045-08242004


Credits:
James Bercegay of the GulfTech Security Research Team

Download attachment "efswsdos.pl" of type "application/octet-stream" (1248 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ