exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

minihttp.txt

minihttp.txt
Posted Sep 16, 2003
Authored by Peter Winter-Smith

Minihttpserver 1.x Host Engine is susceptible to a directory traversal attack and has a login parsing flaw that allows a remote attacker to gain administrative privileges.

tags | exploit, remote
SHA-256 | c3811137432dca7f6b3480030b9e97885c8de1ef80de534902b0ea664f882952

minihttp.txt

Change Mirror Download
Minihttpserver 1.x Host Engine Flaws

Url: https://www.minihttpserver.net

+ File-Sharing for NET:

"File Sharing for net is a complete, secure web server that shares your
business documents and files over the web: remote users only need
browsers to view your files. Share, transfer files securely with
colleagues. "

+ Forums Web Server

"WebForums Server allows you to setup a bulletin board and photo/file
exchange web service. It offers a built in HTTP engine, internal
database engine, integrated HTML/Script pages, user management
interface, message board engine and a secure file Upload/Download
option. It is without a doubt the easiest and complet all in one Forum
Server software you have seen."

- Both Vendors Descriptions

Both products, in my opinion, deliver exactly what they offer, and are
definitely a reasonable buy for the price, remembering the fact that
you do not only get the scripts, but a well rounded webserver to boot.

However there is one aspect in which they are seriously lacking -
Security.

In light of Mr Dennis Rand's recent discovery of several dangerous
flaws within the server:

https://www.infowarfare.dk/Advisories/iw-09-advisory.txt

All of which (it is claimed) are fixed, you would have thought that
security would have become quite a priority for the development team,
but it appears this was not the case.

It took me about two minutes to find two more dangerous flaws which
can allow a remote user complete administrator access to the system
file/forum system and any file on the remote server.
These are not difficult, hard to find flaws, and I think even a few
minutes auditing would have turned both of these up immediately.

Flaw 1 - Directory Traversal:
=============================

https://server/../user.ini

This will allow the remote unauthenticated user to break free of the
webroot, and download any file on the system

The example file downloads the username and password file for both
applications, effectively allowing an intruder to access the vulnerable
system from the web based login page without any type of malformed
request.

Flaw 2 - Login Parsing Flaw
===========================

When Web Forum Server is first installed, it is often possible to
gain administrator access to the forum by using the following login
information:

Username: Admin
Password: "

I have managed to also login this way by typing ' admin" ' in the
password recovery box.


======================================================================


Operating system and servicepack level:
Windows 9x/Me/NT Based


Software:
+ Minihttpserver 1.x
+ Web Forum Server 1.x
+ File-Sharing NET 1.x


Under what circumstances the vulnerability was discovered:
By mistake pretty much - Testing some older vulns.


If the vendor has been notified:
Yes, the vendor had been notified.


How to contact you for further information:
I can always be reached at peter4020@hotmail.com


Please credit this find to:
Peter Winter-Smith


Thank you for your time,
-Peter

_________________________________________________________________
Express yourself with cool emoticons - download MSN Messenger today!
https://www.msn.co.uk/messenger

Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    17 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close