Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

ANHTTPd.txt

🗓️ 22 Apr 2003 00:00:00Reported by Matthew MurphyType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 29 Views

AN HTTPd is a Windows web server with vulnerability allowing directory traversal and file overwrite.

Code
`Product Description  
  
AN HTTPd is a relatively small, powerful web server designed for Windows  
systems. It supports ISAPI, CGI, SSI, and several other powerful  
technologies (such as isolated worker processes) usually only seen in  
production servers. More information on AN HTTPd is available at  
http://www.st.rim.or.jp/~nakata/  
  
Vulnerability Description  
  
AN HTTPd (1.42h and prior) ships with several sample scripts demonstrating  
various interpreters the server is capable of using. One of these,  
"count.pl", is deployed in the "/isapi" virtual directory. It takes the  
query string as part of a file path, which it uses as a page counter. AN  
HTTPd does not check for directory traversals, and also does not prevent  
non-numeric data from being used as counters.  
  
Issuing the following request:  
http://www.somesite.com/isapi/count.pl?../../../../../../../../../../../../.  
./../../../../../../../../../ctr.dll  
  
Will place "ctr.dll" in the root of C: with a "1" as its contents. This  
same trick also works on writable files that already exist. An effective  
patch for this vulnerability is to issue the following request:  
  
http://www.somesite.com/isapi/count.pl?count.pl  
  
This will destroy the vulnerable component, preventing further exploitation.  
Be nice, kiddies :-D  
  
Some nastier stuff:  
  
http://www.somesite.com/isapi/count.pl?../../../../../../../../../../../../.  
./../../../../../../../../../windows/system32/calc.exe  
  
You get the idea...  
  
Impact  
  
Attackers can overwrite any file that the CGI user can access (this userid  
is SYSTEM by default if running as a service, or the user running the binary  
if in GUI mode -- usually an administrator). Contents of the destroyed  
files cannot be sufficiently controlled to allow for exploitation in most  
cases, as the file is replaced with numeric data.  
  
Solution  
  
Remove this crappy sample script, and write a web counter that uses  
centralized configuration. The exploit shown above will remove this file  
from a vulnerable system.  
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
22 Apr 2003 00:00Current
7.4High risk
Vulners AI Score7.4
an httpdweb serverwindows systemsdirectory traversalfile overwriteisapicgissinumeric datasecurity patch.
29