Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1997_3

Bugtraq archives for 3rd quarter (Jul-Sep) 1997: [Alert] Website's uploader.exe (from demo) vulnerable

[Alert] Website's uploader.exe (from demo) vulnerable

Aleph One (aleph1DFW.NET)
Thu, 4 Sep 1997 16:59:12 -0500

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Matt Conover: "Overflow in one of Apache 1.1.1 (maybe later too)'s modules"
Previous message: W.C. Epperson: "Re: [linux-security] Announce: chkexploit 1.13 (fwd)"

---------- Forwarded message ----------
Date: Thu, 4 Sep 1997 21:38:57 +0200
From: Herman de Vette <hermanINFO.NL>
To: NTBUGTRAQNTADVICE.COM
Subject: [Alert] Website's uploader.exe (from demo) vulnerable

[Alert] Website's uploader.exe (from demo) vulnerable

Check out what I found today (hope it's not an known bug yet)

O'reilly's webserver 'website' contains a demopackage that contains
the cgi-program uploader.exe. The following html-page was included with
it:
----------------------------------------

Upload a File

Upload a file

NOTE: Your browser must support file uploading.

Your name:         (required)

Email address:     (required)

                  NOTE: If you don't see a "browse" button below,
your browser

                  doesn 't support form-based file uploading. Netscape
2.0 and

                  later have this support.

File to upload:   

File description:  (required)

...

----------------------------------------- The program uploader.exe doesn't check anything at all. If you're lucky you're running windows NT and have put only "read/execute access" on cgi-win and other executable paths. Otherwise (win95) you have a real problem. You could create a CGI-program, next you change the HTML-file a little like this: ----------------------------------------- Upload Any File Anywhere ------------------------------------------ open the html-file in your browser, select a nice CGI-file to upload And run that CGI-program remotely. (No need to tell you what this CGI-program could do, could be .bat file too in one of website's other cgi-directories) SOLUTION: remove uploader.exe, delete it, empty your trash bin and use ftp for file-upload Herman de Vette herman

info.nl

Next message: Matt Conover: "Overflow in one of Apache 1.1.1 (maybe later too)'s modules"
Previous message: W.C. Epperson: "Re: [linux-security] Announce: chkexploit 1.13 (fwd)"