Pegasi022.txt

Pegasi022.txt: Posted Mar 12, 2004; Authored by Donato Ferrante | Site autistici.org; Pegasi Web Server aka PWS version 0.2.2 is susceptible to cross site scripting and directory traversal attacks due to a lack of input validation.; tags | exploit, web, xss; SHA-256 | ccd71dc5d0be8fa6f24ab7dc8902149371dfd6778c4a2812f4af37674bae8aa3; Download | Favorite | View

Pegasi022.txt

                           Donato Ferrante


Application:  Pegasi Web Server (PWS)
              http://pws.sourceforge.net

Version:      0.2.2

Bugs:         Multiple Vulnerabilities

Author:       Donato Ferrante
              e-mail: fdonato@autistici.org
              web:    www.autistici.org/fdonato


xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

1. Description
2. The bugs
3. The code
4. The fix



xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

----------------
1. Description:
----------------

Vendor's Description:

"Pegasi Web Server (PWS) is a multithreading Java Web server. It is
written by students at the PegasiLUG as a project for Networking."



xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

-------------
2. The bugs:
-------------

[1] directory traversal bug: the program doesn't check for malicious
    patterns like "/../", so an attacker is able to navigate through
    the system simply using a browser.


[2] cross site scripting bug: the user input strings are not filtered
    and they will appear in the returned page.



xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

-------------
3. The code:
-------------

To test the vulnerabilities:

[1]

http://[host]:8080/../../../../etc/passwd

or:

http://[host]:8080/../


[2]

http://[host]:8080/<script>alert("Test")</script>



xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

------------
4. The fix:
------------

No fix.
The email addresses provided on the official website seem don't work.


If you want, you can use my following little patch, that should fix
the bugs for this version of Pegasi Web Server:

        ...
        ..
        .

( line: 30 of FileFinder.java ) FileFinder(String httpURIPath)
{

/* start of patch for [1] */


boolean done = false;

for(int z = 0; z < httpURIPath.length()-1; z++){
  if( httpURIPath.charAt(z) == '.' && httpURIPath.charAt(z+1) == '.'){
       this.status = -1;
       done = true;
  }
}

if( done == true ) return;


/* end of patch for [1] */

        .
        ..
        ...

                          - - - - -
        ...
        ..
        .

( line: 233 of Connection.java )

/* start of patch for [2] */


     case -1:    /* nothing found */
     {
       Misc.putSysMessage(0,"Requested file was NOT found.");
       output.outputError(404, " ");
       //before "output.outputError(404,httpURI);"
       break;
     }

     
/* end of patch for [2] */

      .
      ..
      ...



xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Top Authors In Last 30 Days

Red Hat 263 files
indoushka 178 files
Ubuntu 96 files
Gentoo 32 files
Debian 20 files
Apple 11 files
LiquidWorm 10 files
malvuln 8 files
Rubén López Herrera 5 files
Google Security Research 5 files

File Archives

Systems

AIX (430)
Apple (2,117)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,137)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,599)
HPUX (881)
iOS (391)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,486)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (16,995)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,903)
UNIX (9,466)
UnixWare (188)
Windows (6,783)
Other

Pegasi022.txt

Pegasi022.txt

File Archive:

October 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Pegasi022.txt

Share This

Pegasi022.txt

File Archive:

October 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems