SCAN Associates Sdn Bhd Security Advisory Products: Foxweb 2.5 (http://www.foxweb.com) Date: 5th September 2003 Author: pokleyzz <pokleyzz_at_scan-associates.net> Contributors: sk_at_scan-associates.net shaharil_at_scan-associates.net munir_at_scan-associates.net URL: http://www.scan-associates.net Summary: Foxweb 2.5 buffer in foxweb CGI and ISAPI extension Description ======== FoxWeb is a Web application development tool, which can be used to quickly and easily integrate your FoxPro and client-server databases with the Web and to build interactive Web applications for intranets or the Internet. Take advantage of the fastest PC-based database engine and ease of use of Visual FoxPro to create dynamic Web content. Whether you are a seasoned developer or a "newbie," FoxWeb provides the tools and resources to help you create interactive applications in less time and with less effort. Details ====== There is buffer overflow in PATH_INFO for foxweb.dll and foxweb.exe from foxweb 2.5. It will occur when user suppy overlong PATH_INFO (over 3000 byte). ex: http://www.com/scripts/foxweb.dll/[3000 A's] This stackbase overflow is easy to exploit and may lead to command execution as webuser. Proof of concept ============ [see attachment] Vendor Response ============ Vendor has been contacted on 28th July 2003 and patch is available.
This archive was generated by hypermail 2b30 : Fri Sep 05 2003 - 01:40:20 PDT