tinyServer1.1.txt

tinyServer1.1.txt: Posted Jan 26, 2004; Authored by Donato Ferrante | Site autistici.org; Tiny HTTP Server versions 1.1 and 1.0.5 are vulnerable to directory traversal, denial of service, and cross site scripting bugs. Examples provided.; tags | exploit, web, denial of service, xss; SHA-256 | 94d202695ed7e71eeb74c905557c9600d4fab98f445abaea4f073aba55c6bc8a; Download | Favorite | View

tinyServer1.1.txt

                           Donato Ferrante


Application:  Tiny Server 
              https://sourceforge.net/projects/tinyserver

Version:      1.1 (1.0.5)

Bugs:         Multiple Vulnerabilities

Author:       Donato Ferrante
              e-mail: fdonato@autistici.org
              web:    www.autistici.org/fdonato


xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

1. Description
2. The bugs
3. The code
4. The fix


xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

----------------
1. Description:
----------------

Vendor's Description:

"This is a very basic http server. This server can accept multiple
requests at once. The server is only 56 kb. The server has been
configured to accept a maximum of 100 connections.
As of now Tiny Server supports only the GET request."



xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

-------------
2. The bugs:
-------------

[1] directory traversal bug: the program does't make a good check on
    the user input string ( /../ ) so an attacker is able to see and
    download all the files on the remote system simply using his
    browser.

[2] denial of service bug: the program have no checks on the input
    strings received, so an attacker is able to crash the server
    simply sending a crafted string.

[3] cross site scripting bug: the program doesn't make a full check
    on the strings sent by the client, in fact the input strings are
    not filtered and they will appear in the returned page.



xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

-------------
3. The code:
-------------

The following are some examples to test the vulnerabilities:


[1]

https://[host]/../../windows/system.ini



[2]

GET /index.htm
( without specify HTTP/1.1 )

or simply:

index.htm
( without specify GET and HTTP/1.1 )

or:

GET /aaaaaa[ 260 of a ]aaa HTTP/1.1
 


[3]

https://[host]/<script>alert("Test")</script>



xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

------------
4. The fix:
------------

No fix.
The vendor has not answered to my signalations.



xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Top Authors In Last 30 Days

Red Hat 242 files
Ubuntu 57 files
Debian 22 files
LiquidWorm 15 files
Apple 9 files
Gentoo 8 files
Google Security Research 3 files
Alter Prime 3 files
Pierre Kim 2 files
Jann Horn 2 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,166)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,607)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,965)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,344)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,994)
UNIX (9,476)
UnixWare (188)
Windows (6,784)
Other

tinyServer1.1.txt

tinyServer1.1.txt

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

tinyServer1.1.txt

Share This

tinyServer1.1.txt

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems