[VulnWatch] KF Web Server version 1.0.2 shows file and directory content

• Previous message: Adam Slattery: "[VulnWatch] sparc exploit for known solaris 8 kcms_configure overflow"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: Securiteinfo.com <webmaster@securiteinfo.com>
To: nobody@securiteinfo.com
Date: Sun, 7 Jul 2002 21:42:47 +0200

KF Web Server version 1.0.2 shows file and directory content

.oO Overview Oo.
KF Web Server version 1.0.2 shows file and directory content
Discovered on 2002, July, 2nd
Vendor: KeyFocus (http://www.keyfocus.net/kfws/)

KF Web Server 1.0.2 is a free personal web server available for Windows
98,ME,2000,XP. This web server can shows file and directory content.

.oO Details Oo.
If the requested URL contains a %00 after a directory name, then the server
shows all files in the directory content.
A hacker can see all hidden (non-HTML linked) files and directories on the
server.

.oO Exploit Oo.
The exploit is really easy. You can do it with any browser
Examples :
http://server_name/index.html : Normal use.
http://server_name/%00 : You get the vulnerability.
http://server_name/index.html%00 : Is *not* vulnerable.
http://server_name/%00index.html : You get the vulnerability. In fact
everything after %00 is ignored.
http://server_name/subdir/%00 : You get the vulnerability.

.oO Solution Oo.
The vendor has been informed and has solved the problem.
Upgrade to KF Web Server version 1.0.3
(http://www.keyfocus.net/kfws/download/)

.oO Discovered by Oo.
Arnaud Jacques aka scrap
webmaster@securiteinfo.com
http://www.securiteinfo.com

• Previous message: Adam Slattery: "[VulnWatch] sparc exploit for known solaris 8 kcms_configure overflow"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages [NEWS] MDG Web Server 4D Buffer Overflow (GET) ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... A buffer overflow vulnerability exists within MDG Web Server 4D. ... Vendor was notified on 04/27/2003. ... (Securiteam) SecurityFocus Microsoft Newsletter #102 ... MICROSOFT VULNERABILITY SUMMARY ... Microsoft Windows Media Player File Attachment Script Execution... ... Microsoft TSAC ActiveX Control Buffer Overflow Vulnerability ... Abyss Web Server Malicious HTTP Request Information Disclosure... ... (Focus-Microsoft) SecurityFocus Microsoft Newsletter #95 ... MICROSOFT VULNERABILITY SUMMARY ... BEA Systems WebLogic Server and Express Race Condition Denial... ... Key Focus KF Web Server Directory Contents Disclosure... ... KMMail Code Injection Vulnerability ... (Focus-Microsoft) SecurityFocus Microsoft Newsletter #93 ... cyber attacks and bulletproof countermeasures to prevent attacks before ... MICROSOFT VULNERABILITY SUMMARY ... YaBB Invalid Topic Error Page Cross Site Scripting Vulnerability ... GameCheats Advanced Web Server Malformed HTTP Request Denial Of... ... (Focus-Microsoft) Directory traversal vulnerability in sendform.cgi ... any remote attacker can use sendform.cgi to read ... arbitrary files with the privileges of the web server by modifying ... Thanks to Rod Clark for diligently addressing this vulnerability. ... 2002/05/16: initial notification to vendor ... (Vuln-Dev)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint