Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

easyfile12.txt

🗓️ 06 Oct 2003 00:00:00Reported by nimberType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 22 Views

Easy File Sharing Web Server version 1.2 has vulnerabilities including flood-attacks and log file exposure.

Show more

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Code
`Vulnerabilities in Easy File Sharing Web Server (1.2 NEW).  
  
+-----------------------------+  
Vendor: www.sharing-file.com  
Version: 1.2 (new)  
Date: Sep 22, 2003  
Size: 2115KB  
Mini-description:  
"Easy File Sharing Web Server contains several built-in systems including HTTP Web Server,multi-threads database system, Bulletin Board System, Server Script system, Password protection system. Users just need to install Easy File Sharing Web Server and no other software. All without additional configuration.   
You may create a virtual folder from your hard disk; visitors may upload/download files to/from it. Easy File Sharing Web Server is much easier to use than a typical FTP server."  
+-----------------------------+  
Issue: 1. Flood-atack danger.   
2. View log-files and options.  
+-----------------------------+  
Solution:  
(1) I have found some small vulnerabilities in the built - in forum.  
- At creation new topic, field "Title:" permits to enter an empty symbol. Thus occurs potential danger of flood-attack.  
- Field "Your Message:" has no fixed are long.  
(2)   
- The any user can look contents log-files.  
Example:  
http://192.168.2.227/log/  
  
Name Size Date Description Author   
20030728.txt 9KB 2003-07-28 15:56:34 none none   
20030730.txt 18KB 2003-07-30 16:58:58 none none   
20030807.txt 12KB 2003-08-07 13:56:18 none none   
20030811.txt 18KB 2003-08-11 13:34:15 none none   
20030812.txt 10KB 2003-08-12 17:03:20 none none   
20030815.txt 10KB 2003-08-15 16:59:58 none none   
20030818.txt 31KB 2003-08-18 14:14:30 none none   
20030902.txt 9KB 2003-09-02 14:41:57 none none   
20030904.txt 8KB 2003-09-04 14:18:59 none none   
20030905.txt 1KB 2003-09-05 09:13:28 none none   
20030908.txt 4KB 2003-09-08 12:32:22 none none  
  
- View options.ini  
  
Example:  
http://192.168.2.227/option.ini  
======[example option.ini]======  
[Server] WebPages= DefaultPage=login.htm startup=1 AutoActive=1 Minimize=0 Savelog=1 Port=80   
  
Template=default showsys=0 showhide=0 expire=600 resume=1 smallpic=0 picsize=0 fileprotect=1   
  
[Email] SmtpServer=smtp.citiz.net SmtpPort=25 Account=wordsend   
  
Password=,207,194,202,217,216,214 NeedAuth=1 Subject=User Registration Information   
  
username=file-sharing web server [email protected] [IP] Mode=0   
================================  
  
For contacts:  
nimber  
icq: 132614  
e-mail: [email protected]  
Home Page: nimber.plux.ru  
  
Greets: ZeT,euronymous,JLx and all my friends.  
Hi to teams: zud team, void.ru, RusH Team, m00 security,  
eXploit.ru,LWTeam, F0K Project,Free-Crew.  
  
p.s> Sorry for my bad english ;)  
  
(0_o(0_o)0_o)  
`

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
06 Oct 2003 00:00Current
7.4High risk
Vulners AI Score7.4
easy file sharing web serverflood-attack dangerview log-filespotential vulnerabilitiessecurity issues.
22
.json
Report