Lucene search
K

EasyFile.txt

🗓️ 10 Mar 2006 00:00:00Reported by Revnic VasileType 
packetstorm
 packetstorm
🔗 packetstormsecurity.com👁 23 Views

Easy File Sharing Web Server 3.2 with Multiple Vulnerabilitie

Code
`Easy File Sharing Web Server Multiple Vulnerablilities  
  
Software: Easy File Sharing Web Server  
Version: 3.2  
Website: http://www.sharing-file.com/  
  
  
Description:  
Easy File Sharing Web Server is a Windows program that allows  
you to host a secure peer-to-peer and web-based file sharing   
system without any additional software or services.  
  
Vulnerabilities:  
  
1) Remote System Compromise:  
  
A registered user can upload a malicious file to a Startup folder,  
leading to system compromise after reboot.  
http://192.168.1.1/disk_c/Documents%20and%20Settings/All%20Users/Start%20Menu/Programs/Startup  
  
Exploit: not needed.  
  
  
2) Denial of Service:  
  
By sending a specifically crafted GET request, the EFS web server  
will crash.  
  
Exploit: http://192.168.1.1/?%25n  
  
  
3) Cross-Site Scripting:  
  
It is possible to insert arbitrary script code like  
<script>alert(document.cookie);</script>  
in "Description" field when creating a folder or uploading a file.  
  
  
Tested on:  
Windows 2000 SP4  
Windows XP SP2  
  
  
Credit:  
Discovered by Revnic Vasile  
[email protected]  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation