OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: D4rkGr3y (grey_1999_at_mail.ru)
Date: Wed Aug 14 2002 - 14:40:55 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    Hi.
    Bugs founded in MyWebServer v.1.0.2.
    You can download it from www.mywebserver.org.
    1. Buffer overflow in MWS Search Engine.
    Remote attacker can crash web-server (and run shell-code) by sending keyword with a large size.
    Xsploit: http://vuln_host/MWS/HandleSearch.html?searchTarget=[990b_of_any_data]&B1=Submit
    Fix: Turn off "Search Page" in MWS properties (www.vuln_host.com/admin/ServerProperties.html)
    2. Remote JS/VB/HTML code execution.
    Xsploit: http://vuln_host/[223b_of_any_data]<font%20size=50>DEFACED<!--//--
    3. Real patch attack.
    Xsploit: http://vuln_host/[not_exists_dir]
    Then in the document source we can find patch from \ to wwwroot.

    Advisoryed by D4rkGr3y (www.dhgroup.org)
    Full information about all bugs (6) in MWS u can find here:
    http://www.dhgroup.org/txt/
    Only for Russian users.

    P.S. Remote DoS\root exploit for MWS attached.