Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

00045-08242004.txt

🗓️ 26 Aug 2004 00:00:00Reported by James BercegayType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 28 Views

Easy File Sharing Web Server has serious vulnerabilities allowing unauthorized access and DoS attacks.

Code
`##########################################################  
# GulfTech Security Research August, 24th 2004  
##########################################################  
# Vendor : EFS Software Inc.  
# URL : http://www.sharing-file.com  
# Version : Easy File Sharing Webserver v1.25  
# Risk : Unauthorized System Access && DoS  
##########################################################  
  
Description:  
Easy File Sharing Web Server is a file sharing software   
that allows visitors to upload/download files easily   
through a Web Browser (IE,Netscape,Opera etc.). It can help   
you share files with your friends and colleagues. They can   
download files from your computer or upload files from   
theirs. They will not be required to install this software   
or any other software because an internet browser is enough.   
Easy File Sharing Web Server also provides a Bulletin Board   
System (Forum). It allows remote users to post messages and   
files to the forum.  
  
  
  
Unauthorized System Access:  
The authorization function used by EFS Webserver is supposed  
to keep just anyone from being able to access your files. But  
this is not the case and an attacker has read access to the   
entire hard drive by default.  
  
http://127.0.0.1/disk_c  
  
This url will give an attacker read access to the entire C  
drive. The issue is exploited by requesting the name of a  
virtual folder on the server. (disk_c is there by default)  
  
  
  
Denial of Service:  
Easy File Sharing Web Server can be DoS'ed and even remotely  
crashed by sending a number of large HTTP requests to the web  
server. The CPU usage goes up to 99% and in some cases crash.  
Attached is a Proof Of Concept script for this issue.  
  
  
  
Solution:  
The developers were contacted but never responded to my emails  
  
  
  
Related Info:  
The original advisory can be found at the following location  
http://www.gulftech.org/?node=research&article_id=00045-08242004  
  
  
Credits:  
James Bercegay of the GulfTech Security Research Team  
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
26 Aug 2004 00:00Current
7.4High risk
Vulners AI Score7.4
unauthorized system accessdenial of servicefile sharing softwareefs webservergulftech security
28