
websitepro.txt
Posted Sep 11, 2000
Authored by Crono

WebSite Pro is a Web Server for Win95/98/NT platforms. The vulnerability (or bad server administration) allows any user to create arbitrary files with arbitrary text on the victim machine, from an Internet web browser. In a default installation, any user can create or upload files to the victim machine running a vulnerable version of WebSite Pro. The problem is a bad "protection access" of the main directories on the machine.

tags | exploit, web, arbitrary
systems | windows
SHA-256 | bd5cdf4a6fed674aba622112ecb317033d101e50f0c57a16cba894aadc40d73e

Sender: Bugtraq List <BUGTRAQ@SECURITYFOCUS.COM>
From: Crono <crono@THEPENTAGON.COM>
Subject: WebServer Pro 2.3.7 Vulnerability
To: BUGTRAQ@SECURITYFOCUS.COM

-- WebSite Pro 2.3.7 Vulnerability --

WebSite Pro is a Web Server for Win95/98/NT platforms.

The vulnerability (or bad server administration) allows any user
to create arbitrary files with arbitrary text on the victim machine,
from the Internet Web Browser.

In a default installation any user can create or upload files to the
victim machine running a vulnerable version of WebSite Pro. The problem
is a bad "protection access" of the main directories on the machine.

In a default installation, WebServer Pro creates in its root directory
the following directories, readable (by default) by any user:

cgi-win
cgi-shl
cgi-src
cgi-temp

The problem is in the application called "uploader.exe" located in the
/cgi-win directory. In other versions of WebSite Pro this directory is
not readable by any user, but in this version, WebServer fails when
checking the root directories and the proper web-html directories.

For example, if we install WebServer Pro in c:\website, WebServer
creates:

c:\website\cgi-win
c:\website\cgi-shl
c:\website\cgi-src
...

with various information and applications inside.

We must choose a directory for our own web page (by default
c:\website\htdocs), but, in this example, we will install our root
web directory in c:\mywebs\libros, so we have our index.html in
c:\mywebs\libros\index.html. In this directory only the web page
files reside, not cgi-win or any other cgi directory...

Well, if we connect to the web server using a normal Internet Explorer,
and we try to read a file that does not exist in the directory, we get
this error message:

----------------------------------
GET www.victim.com/foo

404 Not Found

The requested URL was not found on this server:

/foo

(C:\mywebs\libros\foo)
----------------------------------

As we can see, WebServer revealed the real path of the webserver.
(Vulnerability published several months ago)

But if we try to access the cgi-win directory, automatically
and "magically" the WebServer redirects us to the real cgi-win
directory, located in c:\website\cgi-win
Example:

-----------------------

GET www.victim.com/cgi-win

404 Not Found

The requested URL was not found on this server:

/cgi-win/

(C:\WebSite\cgi-win\)
------------------------------

As we can see, the WebServer tells us that this directory doesn't
exist... but if we try to execute the default application
"uploader.exe" located in the real cgi-win directory...

---------------------------------
GET www.victim.com/cgi-win/uploader.exe

WopS! we enter a cgi web page that allows us to upload any file on
our machine to the remote machine.

This error in readable directories is the same for cgi-shl and cgi-src.

In other versions, if you define your root directory as
c:\mywebs\libros you can't upload to parent directories and can't
change to the real cgi-win directory.



Solution:

Change the permissions of cgi-win and the other cgi
directories, or delete uploader.exe.


I found this bug in WebServer Pro version 2.3.7. I don't know if earlier
versions are vulnerable too, but in version 2.3.3 this bug doesn't
exist.


Sorry for my English...

/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/

Bug found by Crono (Hispano Scene) crono@thepentagon.com

I take this opportunity to greet the crew of #phreak, #hacker_novatos,
#hacking, and #hpcv.

24-8-2000 (Spain)
/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/
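
Added example, not part of the original advisory: a log check an administrator could run to see whether the default CGI directories or uploader.exe have been requested, and whether an upload was accepted. The Common Log Format layout, the finding labels and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Default CGI directories listed in the advisory.
CGI_DIRS = {"cgi-win", "cgi-shl", "cgi-src", "cgi-temp"}

# Assumption: Common Log Format; adapt the pattern to the server's real log layout.
CLF = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
                 r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')

def classify(line):
    """Return (client, finding) if the request touches a default CGI dir, else None."""
    m = CLF.match(line)
    if not m:
        return None
    # Drop the query string, decode %xx, and fold case (Windows paths ignore case).
    path = unquote(m["path"].split("?", 1)[0]).replace("\\", "/").lower()
    parts = [p for p in path.split("/") if p]
    if not parts or parts[0] not in CGI_DIRS:
        return None
    served = m["status"].startswith("2")
    if parts[-1] != "uploader.exe":
        finding = "cgi-dir-probe"
    elif served and m["method"] == "POST":
        finding = "upload-accepted"        # a file may have been written: investigate
    elif served:
        finding = "uploader-reachable"     # the upload form was served to the client
    else:
        finding = "uploader-blocked"       # request refused, e.g. after the fix
    return m["ip"], finding

def scan(lines):
    findings = defaultdict(set)
    for line in lines:
        hit = classify(line)
        if hit:
            findings[hit[0]].add(hit[1])
    return {ip: sorted(kinds) for ip, kinds in findings.items()}

# Constructed sample log lines (documentation address ranges).
SAMPLE_LOG = [
    '192.0.2.10 - - [24/Aug/2000:10:01:02 +0200] "GET /index.html HTTP/1.0" 200 1043',
    '198.51.100.7 - - [24/Aug/2000:10:02:10 +0200] "GET /cgi-win/ HTTP/1.0" 404 312',
    '198.51.100.7 - - [24/Aug/2000:10:02:31 +0200] "GET /CGI-WIN/uploader.exe HTTP/1.0" 200 2210',
    '198.51.100.7 - - [24/Aug/2000:10:03:05 +0200] "POST /cgi-win/uploader.exe HTTP/1.0" 200 187',
    '192.0.2.44 - - [24/Aug/2000:11:15:00 +0200] "GET /cgi-win/uploader.exe HTTP/1.0" 403 120',
]
```

Calling scan(SAMPLE_LOG) groups the findings per client; any "uploader-reachable" or "upload-accepted" entry means the fix from the Solution section has not been applied.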
