BRS WebWeaver HTTP Server DDP vulnerability

2003-01-21T00:00:00
ID SECURITYVULNS:DOC:3989
Type securityvulns
Reporter Securityvulns
Modified 2003-01-21T00:00:00

Description

=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::= topic: BRS WebWeaver HTTP Server DDP vulnerability product: BRS WebWeaver 1.01, 1.03 (HTTP Server) vendor: http://www.bsoutham.org/WebWeaver/ risk: high date: 01/14/2k3 discovered by: euronymous /F0KP /R00tC0de advisory urls: http://f0kp.iplus.ru/bz/013.en.txt http://f0kp.iplus.ru/bz/013.ru.txt =:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=

description

i have found Dos Device Path vulnerability in BRS WebWeaver HTTP Server version 1.01 and 1.03, that will crash unpatched win9x boxes..

sploit: http://hostname/aux/aux/

or

sploit: http://hostname/con/con

shouts: R00tC0de, DWC, DHG, HUNGOSH, all russian security guyz!! to kate especially )) fuck_off: slavomira and other dirty ppl in *.kz

================ im not a lame, not yet a hacker ================