exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

webweaver.1.01.txt

webweaver.1.01.txt
Posted Oct 25, 2002
Authored by Tamer Sahin | Site securityoffice.net

The BRS WebWeaver Web Server v1.01 for Windows allows remote attackers to access files in password protected directories by sending a special web request. Tested on Windows 2000 Sp3 and 98SE.

tags | remote, web
systems | windows
SHA-256 | 952d6a2e38bf73ed6659426d07625a19fe392c8b246d7ec67b52f1f0b7264132

webweaver.1.01.txt

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: MD5

- --[ BRS WebWeaver Web Server v1.01 Protected File Access Vulnerability ]--

- --[ Type

File Disclosure

- --[ Release Date

October 24, 2002

- --[ Product / Vendor

BRS WebWeaver is a small, fast HTTP and FTP Server for Win9x/WinNT. I've done a
little testing and it is able to sustain over 750 connection per second using only 4MB
of memory

Web Server with the following features:

- - HTTP/1.0 compliant Web Server
- - Built in FTP Server
- - Basic ISAPI support (Microsoft Internet Server API)
- - CGI/1.1 support
- - Multi-threaded
- - Basic user authentication
- - IP address based security
- - URL based security (Realms)
- - Alias support
- - SSI Support (Server Side Includes)
- - Remote Administration (Partially Implemented)
- - FREE!

http://www.bsoutham.org

- --[ Summary

It is possible to construct a web request which is capable of accessing the contents
of password protected files/folders on the BRS WebWeaver Web Server v1.01. This
vulnerability may only be exploited to access password-protected files in sub-folders
of wwwroot.

http://host/./secret/

- --[ Tested

Windows 2000 Sp3 / BRS WebWeaver Web Server v1.01
Windows 98 SE / BRS WebWeaver Web Server v1.01

- --[ Vulnerable

BRS WebWeaver Web Server v1.01

- --[ Disclaimer

http://www.securityoffice.net is not responsible for the misuse or illegal use of
any of the information and/or the software listed on this security advisory.

- --[ Author

Tamer Sahin
ts@securityoffice.net
http://www.securityoffice.net

All our advisories can be viewed at http://www.securityoffice.net/articles/

Please send suggestions, updates, and comments to feedback@securityoffice.net

(c) 2002 SecurityOffice

This Security Advisory may be reproduced and distributed, provided that this Security
Advisory is not modified in any way and is attributed to SecurityOffice and provided
that such reproduction and distribution is performed for non-commercial purposes.

Tamer Sahin
http://www.securityoffice.net

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQEVAwUAPbhA5PpL5ibJRTtBAQG0Iwf+OZfrWz9p+MCg0UqsdzGK7sN1IJvUopjJ
czztl7D5h9VVl8+gBRiMFMtLPK/wz15PPCWwneqORA6+jgXuroBTMcQvLv8q2aDH
CTP2lgBPW1i1AIwPw1zy5Alb773gho6rL7D/jeTSPDJDIJPutjKX64PuMEtTWpEx
Uxn5bz+21ZIGyPiLt13TKo850Jl29ToURtKSM2uCmBPlYCNCULpA9pthR7WliSHH
xzQVF3r3yEmMgmjvuSJouMi7LrpT+fWYcYY5brjJahot+qH8R45EeJZq9FoMuWkG
OvJrYcZrLRConqjvKlErLvzZmET3DBg/OJVuAOL+hvZrYdXDyNGDMg==
=mrVU
-----END PGP SIGNATURE-----



Login or Register to add favorites

File Archive:

September 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    23 Files
  • 2
    Sep 2nd
    12 Files
  • 3
    Sep 3rd
    0 Files
  • 4
    Sep 4th
    0 Files
  • 5
    Sep 5th
    10 Files
  • 6
    Sep 6th
    8 Files
  • 7
    Sep 7th
    30 Files
  • 8
    Sep 8th
    14 Files
  • 9
    Sep 9th
    26 Files
  • 10
    Sep 10th
    0 Files
  • 11
    Sep 11th
    0 Files
  • 12
    Sep 12th
    5 Files
  • 13
    Sep 13th
    28 Files
  • 14
    Sep 14th
    15 Files
  • 15
    Sep 15th
    17 Files
  • 16
    Sep 16th
    9 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    12 Files
  • 20
    Sep 20th
    15 Files
  • 21
    Sep 21st
    20 Files
  • 22
    Sep 22nd
    13 Files
  • 23
    Sep 23rd
    12 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close