
NetServe Web Server 1.0.58 XSS / RFI / Denial Of Service
Posted Jun 24, 2011
Authored by LiquidWorm | Site zeroscience.mk

NetServe Web Server version 1.0.58 suffers from denial of service, cross site scripting, various inclusion vulnerabilities and more.

tags | advisory, web, denial of service, vulnerability, xss
SHA-256 | 57730836287f5775bff301c266cccc018712462def19a33875a91e36190e4b13


NetServe Web Server v1.0.58 Multiple Remote Vulnerabilities


Vendor: Net-X Solutions Ltd
Product web page: http://www.netxsolutions.co.uk
Affected version: 1.0.58

Summary: NetServe is a super compact Web Server and File Sharing
application for Windows NT, 95, 98, 2000, and XP. Its HTTP Web
Server can serve all types of files including html, gif and jpeg;
in fact, any files placed in your NetServe directory can be served.
New key features include Server-Side-Include (SSI) support and
CGI/1.1 support, giving you the choice of your preferred scripting
language, including but not limited to Perl, ASP and PHP, to create
your dynamic content.

Desc: NetServe Web Server is affected by multiple vulnerabilities,
including cross-site scripting, remote file inclusion, local file
inclusion, script insertion, HTML injection, denial of service, etc.
Although the software is no longer maintained and the last update
was in 2006, there are still a few who use it. All the parameters
are susceptible to the above attacks. The parameters used by the
web application (POST/GET) are:

- Action
- EnablePasswords
- _Checks
- _ValidationError
- ListIndex
- SiteList_0
- SSIErrorMessage
- SSIExtensions
- SSITimeFormat
- SSIabbrevSize
- EnableSSI
- LogCGIErrors
- LoggingInterval
- ExtendedLogging
- CGITimeOut

The tests were made using PowerFuzzer and OWASP ZAP. No need for PoC
strings. Attackers can exploit any of the issues using a web browser.
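
For defenders who still have this server in an estate, a log-review sketch (added here, not part of the original advisory or the vendor's code) that flags requests carrying any of the listed parameters with values typical of the issue classes named above. The access-log layout, the /settings path, the 256-character ceiling and the regex heuristics are assumptions; only query strings are checked, since POST bodies do not appear in access logs.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameter names exactly as listed in the advisory.
PARAMS = {"Action", "EnablePasswords", "_Checks", "_ValidationError", "ListIndex",
          "SiteList_0", "SSIErrorMessage", "SSIExtensions", "SSITimeFormat",
          "SSIabbrevSize", "EnableSSI", "LogCGIErrors", "LoggingInterval",
          "ExtendedLogging", "CGITimeOut"}
MAX_LEN = 256  # assumption: ceiling for a legitimate setting value
# Assumed heuristics, one per issue class the advisory names.
RULES = [
    ("markup", re.compile(r"[<>\"']")),                   # XSS / HTML injection
    ("remote-include", re.compile(r"(?:https?|ftp)://", re.I)),
    ("local-include", re.compile(r"\.\.[\\/]")),          # directory traversal
]
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def classify(value):
    """Return the labels of every rule a decoded parameter value trips."""
    hits = [label for label, rx in RULES if rx.search(value)]
    if len(value) > MAX_LEN:
        hits.append("oversize")                           # possible DoS input
    return hits

def scan(lines):
    """Return (line_no, parameter, labels) for suspicious listed parameters."""
    findings = []
    for no, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        if not m:
            continue
        query = urlsplit(m.group(1)).query
        for name, value in parse_qsl(query, keep_blank_values=True):
            labels = classify(value) if name in PARAMS else []
            if labels:
                findings.append((no, name, labels))
    return findings

# Constructed sample lines; the /settings path and log layout are hypothetical.
_P, _S = '192.0.2.10 - - [24/Jun/2011:10:00:00 +0000] "GET ', ' HTTP/1.1" 200 90'
SAMPLE = [
    _P + "/index.html" + _S,
    _P + "/settings?Action=Save&EnableSSI=1" + _S,
    _P + "/settings?SSIErrorMessage=%3Cb%3Ex%3C%2Fb%3E" + _S,
    _P + "/settings?SSIExtensions=http%3A%2F%2Fexample.invalid%2Fa.txt" + _S,
    _P + "/settings?SiteList_0=..%5C..%5Cx" + _S,
    _P + "/settings?CGITimeOut=" + "9" * 300 + _S,
]
if __name__ == "__main__": print(*scan(SAMPLE), sep="\n")
```
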


Tested on: Microsoft Windows XP Pro SP3 (En)

Vulnerability discovered by Gjoko 'LiquidWorm' Krtic
liquidworm gmail com


Advisory ID: ZSL-2011-5021
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5021.php


19.06.2011