omnihttpd.webserver.txt

1999-08-17T00:00:00
ID PACKETSTORM:11822
Type packetstorm
Reporter Packet Storm
Modified 1999-08-17T00:00:00

Description

                                        
                                            `Date: Sat, 5 Jun 1999 09:53:51 +0300  
From: Valentin Perelogin <viktor@PARNU.EE>  
To: BUGTRAQ@netspace.org  
Subject: Remote Exploit (Bug) in OmniHTTPd Web Server  
  
Hi all,  
The exploit (bug) will make temp files on the server until servers hdd  
is full.  
And anyone can do it remotely.  
By default visadmin.exe (Visitor Administrator) is in cgi-bin directory.  
  
What you need to do, is to type this url:  
http://omni.server/cgi-bin/visadmin.exe?user=guest  
Thats all. Now in some minutes is servers hdd full!!  
  
Fix: Remove visadmin.exe from cgi-bin directory.  
  
Valentin Perelõgin  
`