Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: Strykar (strhackerzlair.org)
Date: Mon Sep 10 2007 - 09:41:52 CDT
Very interesting, been a while on here now.
Downloading as I speak.. will post a follow-up.
> -----Original Message-----
> From: full-disclosure-bounceslists.grok.org.uk [mailto:full-
> disclosure-bounceslists.grok.org.uk] On Behalf Of Gadi Evron
> Sent: Monday, September 10, 2007 11:36 AM
> To: pen-testsecurityfocus.com; fuzzingwhitestar.linuxbox.org
> Cc: full-disclosurelists.grok.org.uk; code-
> Subject: [Full-disclosure] Vulnerable test application: Simple Web
> Server (SWS)
> Every once in a while (last time a few months ago) someone emails one
> the mailing lists about searching for an example binary, mostly for:
> - Reverse engineering for vulnerabilities, as a study tool.
> - Testing fuzzers
> Some of these exist, but I asked my employer, Beyond Security, to
> our test application, specific for testing fuzzing (built for the
> fuzzer). They agreed to release the HTTP version, following their
> agreement to release our ANI XML specification.
> The GUI allows you to choose what port your want to run it on, as well
> which vulnerabilities should be "active".
> It is called Simple Web Server or SWS, and has the following
> 1. Off-By-One in Content-Length (Integer overflow/malloc issue)
> 2. Overflow in User-Agent
> 3. Overflow in Method
> 4. Overflow in URI
> 5. Overflow in Host
> 6. Overflow in Version
> 7. Overflow in complete packet
> 8. Off By One in Receive function (linefeed/carriage return issue)
> 9. Overflow in Authorization Type
> 10. Overflow in Base64 decoded
> 11. Overflow in Username of authorization
> 12. Overflow in Password of authorization
> 13. Overflow in Body
> 14. Cross site scripting
> It can be found on Beyond Security's website, here:
> Gadi Evron.
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/