lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20060309113059.29736.qmail@securityfocus.com>
Date: 9 Mar 2006 11:30:59 -0000
From: revnic@...il.com
To: bugtraq@...urityfocus.com
Subject: Easy File Sharing Web Server Multiple Vulnerablilities


Easy File Sharing Web Server Multiple Vulnerablilities

Software: Easy File Sharing Web Server
Version: 3.2
Website: http://www.sharing-file.com/


Description:
Easy File Sharing Web Server is a Windows program that allows
you to host a secure peer-to-peer and web-based file sharing 
system without any additional software or services.

Vulnerabilities:

1) Remote System Compromise:

A registered user can upload a malicious file to a Startup folder,
leading to system compromise after reboot.
http://192.168.1.1/disk_c/Documents%20and%20Settings/All%20Users/Start%20Menu/Programs/Startup

Exploit: not needed.


2) Denial of Service:

By sending a specifically crafted GET request, the EFS web server
will crash.

Exploit: http://192.168.1.1/?%25n


3) Cross-Site Scripting:

It is possible to insert arbitrary script code like
<script>alert(document.cookie);</script>
in "Description" field when creating a folder or uploading a file.


Tested on:
Windows 2000 SP4
Windows XP SP2


Credit:
Discovered by Revnic Vasile
revnic@...il.com


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ