netbusWeb.txt

2004-01-23T00:00:00
ID PACKETSTORM:32554
Type packetstorm
Reporter Rafel Ivgi
Modified 2004-01-23T00:00:00

Description

                                        
                                            `~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
  
Software: NetBus Web Server  
Vendor: http://ultraaccess.net/  
Versions: Pro  
Platforms: Unix  
Bug: Directory Listing And Remote File Upload  
Risk: High  
Exploitation: Remote with browser  
Date: 22 Jan 2004  
Author: Rafel Ivgi, The-Insider  
e-mail: the_insider@mail.com  
web: http://theinsider.deep-ice.com  
  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
  
1) Introduction  
2) Bug  
3) The Code  
  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
  
===============  
1) Introduction  
===============  
  
NetBus Pro is a "Trojan Horse". It is a virus that opens a port and listens  
until an attacker connects to that port and does whatever he wishes on  
the machine. If a password is set and the default port number is changed,  
it can be used as remote control software.  
  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
  
======  
2) Bug  
======  
  
Although NetBus Pro is a virus, it has a web server built in.  
If an attacker connects to the server, he gets a default page with  
no special links or options.  
However, requesting:  
  
http://<host>//  
or  
http://<host>/./  
  
will show the root path directory listing and a file upload function.  
This allows anyone to download local files, upload anything and possibly  
take over the machine.  
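
For detection, the two request forms above can be flagged in web or proxy logs by looking for empty or dot path segments. The following is an added example, not part of the original advisory: it assumes Common Log Format lines with origin-form request targets, the sample log lines are constructed, and it goes slightly beyond the advisory by also flagging ".." segments and percent-encoded dots.

```python
import re
from urllib.parse import unquote

# Request line inside a Common Log Format entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.44 - - [23/Jan/2004:10:00:01 +0000] "GET / HTTP/1.0" 200 512',
    '192.0.2.10 - - [23/Jan/2004:10:00:05 +0000] "GET // HTTP/1.0" 200 2048',
    '198.51.100.7 - - [23/Jan/2004:10:01:12 +0000] "GET /./ HTTP/1.0" 200 2048',
    '192.0.2.44 - - [23/Jan/2004:10:02:00 +0000] "GET /images/logo.gif HTTP/1.0" 200 900',
]

def noncanonical_segments(target):
    """Return the path segments a canonical URL would not contain:
    '' (from '//'), '.' or '..'. A single trailing slash is normal."""
    # Drop the query string by hand: urlsplit() would read a leading '//'
    # as the start of a network location and lose the path.
    path = unquote(target.split("?", 1)[0])  # decode %2e etc. before comparing
    segs = path.split("/")[1:]
    hits = [s for s in segs[:-1] if s in ("", ".", "..")]
    if segs and segs[-1] in (".", ".."):
        hits.append(segs[-1])
    return hits

def flag_requests(log_lines):
    """Return (client, method, target, segments) for every request whose
    path contains a non-canonical segment."""
    findings = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue  # not a parsable request line
        hits = noncanonical_segments(m.group("target"))
        if hits:
            findings.append((line.split()[0], m.group("method"),
                             m.group("target"), hits))
    return findings

if __name__ == "__main__":
    for client, method, target, hits in flag_requests(SAMPLE_LOG):
        print(f"{client} {method} {target!r} non-canonical segments: {hits}")
```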
  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
  
===========  
3) The Code  
===========  
  
http://<host>//  
http://<host>/./  
  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
  
---   
Rafel Ivgi, The-Insider  
http://theinsider.deep-ice.com  
  
"Things that are unlikeable, are NOT impossible."  
`