Bugtraq: MyWebServer 1.0.3

MyWebServer 1.0.3

From: nekd0 <nekd0_at_rambler.ru>
Date: Mon, 27 Sep 2004 08:17:43 +0400

Hello bugtraq,

                                -= Unl0ck Team Security Advisory =-

        ____ ___ __ _______ __ ___________
       | | \____ | | \ _ \ ____ | | __ \__ ___/___ _____ _____
       | | / \| | / /_\ \_ / ___\| |/ / | |_/ __ \\__ \ / \
       | | / | \ |_\ \_/ \ \___ | < | |\ ___/ / __ \| Y Y \
       |______/|___| /____/\_____ /\_____ >__|_ \ |____| \___ >____ /__|_| /
                    \/ \/ \/ \/ \/ \/ \/
                         ... the best way of protection is attack

Bug: Denial of service & non password admin panel access
(in all server configurations).
Product: MyWebServer 1.0.3
Risk: Medium
Vendor: http://www.mywebserver.org
Reference: http://unl0ck.blackhatz.info/advisories.html

Overview:
MyWebServer is a web server for Windows.

Details:

Denial of service:
To crash the server, open more than 107 connections to the HTTP service
very quickly.

Non password admin panel access:
Any user can access http://localhost/admin in any server configuration.
Any user can also access http://localhost/admin/ServerProperties.html, where
they can change server properties and create FTP accounts whose path points to
any part of the hard disk, which means that a remote attacker may view any file
on the hard drive.

23/09/04.
(c) by unl0ck team.
http://unl0ck.blackhatz.info/ | http://unl0ck.net.ru

-- 
Best regards,
 nekd0                          mailto:nekd0_at_rambler.ru
Received on Sep 27 2004
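A quick way to verify the second finding on your own host, as an added example that is not part of the advisory or of MyWebServer: request the two admin paths named above without any credentials and classify the answer. The script assumes only that the server speaks plain HTTP on the given port and serves the panel at /admin and /admin/ServerProperties.html as the post states; the sample responses at the bottom are constructed for the offline self-test and are not captured from a real server.

```python
"""Check whether a MyWebServer-style admin panel answers without credentials.

Added example, not part of the Unl0ck advisory or of MyWebServer itself.
Assumptions: the server speaks HTTP/1.0 or 1.1 on the given port and the
admin panel lives at /admin and /admin/ServerProperties.html as the
advisory states. The sample responses below are constructed for the
offline self-test; they are not captured from a real server.
"""
import http.client

ADMIN_PATHS = ("/admin", "/admin/ServerProperties.html")


def classify(status, headers):
    """Classify one HTTP response to an unauthenticated admin-panel request.

    headers: iterable of (name, value) pairs, as http.client returns them.
    Returns one of:
      "protected" - 401/403, or any WWW-Authenticate challenge
      "open"      - 2xx with no challenge at all (the advisory's case)
      "redirect"  - 3xx, e.g. bounced to a login page; needs a manual look
      "absent"    - 404 or anything else
    """
    names = {name.lower() for name, _ in headers}
    if status in (401, 403) or "www-authenticate" in names:
        return "protected"
    if 200 <= status < 300:
        return "open"
    if 300 <= status < 400:
        return "redirect"
    return "absent"


def probe(host, port=80, timeout=5.0):
    """GET each admin path with no credentials and classify the answer.

    Returns a dict mapping path -> classification. A connection failure
    is reported as "unreachable" instead of being raised, so one dead
    host does not abort a sweep over several.
    """
    results = {}
    for path in ADMIN_PATHS:
        conn = http.client.HTTPConnection(host, port, timeout=timeout)
        try:
            conn.request("GET", path, headers={"Host": host,
                                                "User-Agent": "admin-exposure-check"})
            resp = conn.getresponse()
            resp.read()  # drain the body so the connection closes cleanly
            results[path] = classify(resp.status, resp.getheaders())
        except (OSError, http.client.HTTPException):
            results[path] = "unreachable"
        finally:
            conn.close()
    return results


# Constructed sample responses (status, headers) for the offline self-test.
SAMPLE_OPEN = (200, [("Content-Type", "text/html")])
SAMPLE_CHALLENGE = (401, [("WWW-Authenticate", 'Basic realm="admin"')])
SAMPLE_MISSING = (404, [("Content-Type", "text/html")])


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    for path, verdict in probe(target).items():
        print(f"{path}: {verdict}")
```

A verdict of "open" on /admin/ServerProperties.html is the condition the advisory describes; "redirect" should be followed up by hand, since a 302 to a login form is protection while a 302 to the same page is not.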