[VulnWatch] new bugs in MyWebServer

From: D4rkGr3y (grey_1999@mail.ru)
Date: 08/14/02

Date: Wed, 14 Aug 2002 23:40:55 +0400
From: D4rkGr3y <grey_1999@mail.ru>
To: bugtraq@securityfocus.com, vulnwatch@vulnwatch.org

Bugs founded in MyWebServer v.1.0.2.
You can download it from www.mywebserver.org.
1. Buffer overflow in MWS Search Engine.
Remote attacker can crash web-server (and run shell-code) by sending keyword with a large size.
Xsploit: http://vuln_host/MWS/HandleSearch.html?searchTarget=[990b_of_any_data]&B1=Submit
Fix: Turn off "Search Page" in MWS properties (www.vuln_host.com/admin/ServerProperties.html)
2. Remote JS/VB/HTML code execution.
Xsploit: http://vuln_host/[223b_of_any_data]<font%20size=50>DEFACED<!--//--
3. Real patch attack.
Xsploit: http://vuln_host/[not_exists_dir]
Then in the document source we can find patch from \ to wwwroot.

Advisoryed by D4rkGr3y (www.dhgroup.org)
Full information about all bugs (6) in MWS u can find here:
Only for Russian users.

P.S. Remote DoS\root exploit for MWS attached.