OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Tamer Sahin (ts_at_securityoffice.net)
Date: Thu Oct 24 2002 - 13:48:22 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: MD5

    - --[ Liteserve Web Server v2.0 Authorization Bypass Vulnerability ]--

    - --[ Type

    File Disclosure

    - --[ Release Date

    October 24, 2002

    - --[ Product / Vendor

    LiteServe is a powerful, full-featured Web, EMail and FTP server. This server software
    is perfect for personal websites or commercial sites with high traffic demands and
    multiple domains. All the services that you need work together efficiently in one
    program to provide you with a feature-packed server solution that is easy to setup,
    manage, and monitor.

    http://www.cmfperception.com

    - --[ Summary

    It is possible to construct a web request which is capable of accessing the contents
    of password protected files/folders on the Liteserve Web Server v2.0. This
    vulnerability may only be exploited to access password-protected files in sub-folders
    of wwwroot.

    http://host/./secret/

    - --[ Tested

    Windows 2000 Sp3 / Liteserve Web Server v2.0
    Windows 98 SE / Liteserve Web Server v2.0

    - --[ Vulnerable

    Liteserve Web Server v2.0

    - --[ Disclaimer

    http://www.securityoffice.net is not responsible for the misuse or illegal use of any
    of the information and/or the software listed on this security advisory.

    - --[ Author

    Tamer Sahin
    tssecurityoffice.net
    http://www.securityoffice.net

    All our advisories can be viewed at http://www.securityoffice.net/articles/

    Please send suggestions, updates, and comments to feedbacksecurityoffice.net

    (c) 2002 SecurityOffice

    This Security Advisory may be reproduced and distributed, provided that this Security
    Advisory is not modified in any way and is attributed to SecurityOffice and provided
    that such reproduction and distribution is performed for non-commercial purposes.

    Tamer Sahin
    http://www.securityoffice.net

    -----BEGIN PGP SIGNATURE-----
    Version: 2.6

    iQEVAwUAPbhAePpL5ibJRTtBAQFM5Qf/Vc+v5/5uJumdzWohzxfzUE7stnz1pYZ9
    iyHt5xU7faNLZURJ4I7ZfQdC05d8U4PdApMP2cvTtN+UYJrsaaLrk3MZ0UVSNC3V
    J7yDYq6tupMNutbKIP3S0cA5eiEeN5mV2RJC+AibFzD434xi1heB3xl1Usi4zhdN
    VEySNLu4/GG4TWfLZTLmxNcwBqKx4JQ4BxEVF2pcjzHqnCxOvHcLo1asQw6+Zrk0
    m/TF2+J1Sf5OotvMsynBfd7XZogM5exdfTp+OQEaduntHdW9H6bPrGjwmclC59tt
    btJWrMracsUGjp9r+SH1sa4VmWUaikpnNpNDHlrAi/S70C+vLSdFXg==
    =89D2
    -----END PGP SIGNATURE-----