miniweb 0.8.19 - Multiple Vulnerabilities

ID EDB-ID:4923
Type exploitdb
Reporter Hamid Ebadi
Modified 2008-01-16T00:00:00


MiniWeb 0.8.19 Multiple Remote Vulnerabilities. CVE-2008-0337,CVE-2008-0338. Remote exploit for windows platform

                                            MiniWeb Multiple Vulnerabilities

MiniWeb is a mini HTTP server implementation written in C language,
featuring low system resource consumption, high efficiency, good
flexibility and high portability.
It is capable to serve multiple clients with a single thread,
supporting GET and POST methods, authentication, dynamic contents
(dynamic web page and page variable substitution) and file uploading.
MiniWeb runs on POSIX complaint OS, like Linux, as well as Microsoft Windows.
vulnerability discovered by : Hamid Ebadi  (ebadi _AT_

complete advisory and also source code auditing can be found at :  (persian)  (english)

vulnerable version : MiniWeb 0.8.19 (C)2005 Written by Stanley Huang


directory traversals  :

An input validation error in the URL request handling in
mwGetLocalFileName()   function ( http.c)  can  be exploited to
disclose arbitrary files (and also Directory listing)  outside the web
root via directory traversals  attacks via the " /.%2e/" or "/%2e%2e/"

Proof of Concept :
Directory listing:

disclose arbitrary files:

Heap based buffer overflow vulnerability :

There is also heap based buffer overflow in this web server
The vulnerability is caused due to a boundary error in
_mwProcessReadSocket() function (http.c) when handling HTTP requests.
This can be exploited by sending an overly long, specially crafted
request, which can cause a heap overflow and allow arbitrary code
execution with the privileges of the web service.

Proof of Concept :
GET /AAAA...[3600 - 4000]...AAAA/ HTTP/1.0

Edit the source code (for more information see this article)  (persian)  (english)

Copyright  :

# [2008-01-16]