Hello bugtraq,

-= Unl0ck Team Security Advisory =-

... the best way of protection is attack

Bug: Denial of service & admin panel access without a password (in all server configurations).
Product: MyWebServer 1.0.3
Risk: Medium
Vendor: http://www.mywebserver.org
Reference: http://unl0ck.blackhatz.info/advisories.html

Overview:
MyWebServer is a web server for Windows.

Details:

Denial of service:
To crash the server, create more than 107 connections to the HTTP service very quickly.

Admin panel access without a password:
Any user can access http://localhost/admin in any server configuration. Any user can access http://localhost/admin/ServerProperties.html, where server properties can be changed and FTP accounts can be created with a path anywhere on the hard disk, which means that a remote attacker may view any file on the hard drive.

23/09/04. (c) by unl0ck team.
http://unl0ck.blackhatz.info/ | http://unl0ck.net.ru

--
Best regards,
nekd0 mailto:nekd0@rambler.ru
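
A defender-side check for both issues described above, as an added example that is not part of the original advisory: it scans access-log lines for non-loopback requests to the /admin panel and for more than 107 connections inside a short window. The log line format, the one-second window and the sample addresses are assumptions constructed for illustration, not MyWebServer's own log format.

```python
import ipaddress
from collections import Counter, deque
from datetime import datetime, timedelta

CONN_LIMIT = 107               # connection count named in the advisory
WINDOW = timedelta(seconds=1)  # assumption: the advisory only says "very fast"
ADMIN_PREFIX = "/admin"        # admin panel path named in the advisory

def parse(line):
    """Constructed log format (an assumption): '<ISO time> <client ip> <method> <path>'."""
    ts, ip, method, path = line.split()
    return datetime.fromisoformat(ts), ipaddress.ip_address(ip), method, path

def analyze(lines):
    """Return (admin_hits, bursts) for a list of log lines."""
    admin_hits, bursts, window, in_burst = [], [], deque(), False
    for ts, ip, _method, path in sorted(map(parse, lines), key=lambda e: e[0]):
        # The panel asks for no password, so any non-loopback request to it is an alert.
        p = path.lower()
        if (p == ADMIN_PREFIX or p.startswith(ADMIN_PREFIX + "/")) and not ip.is_loopback:
            admin_hits.append((ts, str(ip), path))
        # Sliding window over all connections, whatever their source.
        window.append((ts, ip))
        while ts - window[0][0] > WINDOW:
            window.popleft()
        over = len(window) > CONN_LIMIT
        if over and not in_burst:  # report each burst once, when it first crosses the limit
            top_ip, count = Counter(i for _, i in window).most_common(1)[0]
            bursts.append((window[0][0], str(top_ip), count))
        in_burst = over
    return admin_hits, bursts

def sample_log():
    """Constructed sample: local and remote admin requests, one normal request, a 120-connection burst."""
    base = datetime(2004, 9, 23, 12, 0, 0)
    lines = [
        f"{base.isoformat()} 127.0.0.1 GET /admin",
        f"{(base + timedelta(seconds=5)).isoformat()} 192.0.2.10 GET /index.html",
        f"{(base + timedelta(seconds=9)).isoformat()} 198.51.100.7 GET /admin/ServerProperties.html",
    ]
    start = base + timedelta(seconds=30)
    lines += [f"{(start + timedelta(milliseconds=5 * i)).isoformat()} 203.0.113.5 GET /"
              for i in range(120)]
    return lines

if __name__ == "__main__":
    hits, bursts = analyze(sample_log())
    print("admin panel requests from remote clients:", hits)
    print("connection bursts over the limit:", bursts)
```

Until the server is replaced or fixed, the same two conditions can be enforced in front of it: restrict /admin to loopback and cap concurrent connections at a filtering proxy or firewall.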