EServ/2.99: problems
From: D4rkGr3y (grey_1999_at_mail.ru)
Date: 05/22/03
- Previous message: Gyrniff: "iisPROTECT SQL injection in admin interface"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 21 May 2003 19:40:00 -0700 To: bugtraq@security.nnov.ru, bugtraq@securityfocus.com
-----BEGIN PGP SIGNED MESSAGE-----
###############################################################*
# Damage Hacking Group security advisory
# www.dhgroup.org
###############################################################*
#Product: EServ/2.95-99
#Authors: Etype Co. [www.eserv.ru]
#Vulnerability: multiple bugs
###############################################################*
#Overview#-----------------------------------------------------#
Imho Eserv is the best russian server. It includes http, pop,
smtp, ftp, nntp, socks, proxy, finger servers. You can download
it from www.eserv.ru .
#Problems#------------------------------------------------------#
1. Viewing web-directory content even if there is an index-file.
Ex.:
GET /? HTTP/1.1
This request will return content of wwwroot dir.
2. Any remote user can use http\ftp servers as anonymous (!!!)
proxy servers even if the password is set in settings or
proxy is switched off! So, if administrator wants to use http
server on 80 port and doesn`t want to use http proxy on 8080
he could not manage it. Through 80 port any person can
browse the Internet.
The interesting thing is that it works in back order.
For example, if user has switched http server off and http
proxy is on, he can use it as a standard web server. And it is
obvious that if user has no site there is no index.html! And we
can see contents of a folder wwwroot.
The authors insisted that server had troubles because i had
installed it over the previous version. And that it has
no vulnerabilities in default configuration. I insure you
that it is not truth.
PS. I want to remind you that ftp server also can be used as ftp
proxy.
#wow#-----------------------------------------------------------#
%$#@ www.dhgroup.org -=> opened English version! Come on in :)
#eof
Best regards www.dhgroup.org
D4rkGr3y icq 540981
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>
iQCVAwUBPsw4e24LIpseSJmPAQFocgP+JOaORsuvFNodcJwl4xX5//V7EYvPa1h3
VlHuXfuC0MpDrdlK7i4cMQcHm/DCklucF5FTyIU4aNgsHm4GWkyko3oZLAmGCk2E
GqfyEN69NYUJh/KpRcpBc4KhDUslH2AOuZD/RvW8CM7vqnI0D+PG+JCM22Bf8e1m
PpAOcMFuWZ4=
=6JlP
-----END PGP SIGNATURE-----
- Previous message: Gyrniff: "iisPROTECT SQL injection in admin interface"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
