
| Subject: | Multiple Vulnerabilities In Xedus Webserver |
|---|---|
| Date: | Mon, 30 Aug 2004 13:45:47 -0500 |
##########################################################
# GulfTech Security Research        August, 30th 2004
##########################################################
# Vendor  : Jerod Moemeka
# URL     : http://www.thinxoft.com
# Version : Xedus 1.0
# Risk    : Multiple Vulnerabilities
##########################################################

Description:
Xedus is a Peer-to-Peer web server and provides you with the ability to share files, music, and any other media, as well as create robust and dynamic web sites, which can feature database access, file system access, with full .net support. Powered by a built in server-side, Microsoft C#, scripting language; Xedus boasts the ability to create sites that can rival web applications built on any other enterprise servers like Apache, IIS, Iplanet. With Xedus, you will never need to pay to host your sites again. Using the peer-to-peer mode, other members of LIVE can access your site by keyword using Internet Explorer even if you do not have a static IP address!

Denial of Service:
Xedus Webserver cannot handle multiple connections from the same host, and will deny all access to any users after a number of connections are made from a malicious user. This vulnerability can be leveraged by an attacker to deny all requests to a website, thus rendering it inaccessible.

Cross Site Scripting:
Xedus Webserver comes with a number of test scripts. These test scripts are used to display some of the capabilities of the Xedus webserver.

http://host:4274/test.x?username=[XSS]
http://host:4274/TestServer.x?username=[XSS]
http://host:4274/testgetrequest.x?param=[XSS]

However, the input received by some of these test scripts is not properly sanitized. Because the input is not properly sanitized, it allows an attacker to send a malicious URL that will then render malicious code in the context of a victim's web browser.
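To show what "not properly sanitized" means for a page like test.x, here is an added example (not code from the advisory or from Xedus) reconstructing a test page that echoes the username query parameter. The page template, the function names and the probe URL are assumptions; the vulnerable form interpolates the raw parameter, the hardened form HTML-escapes it, and a small response check shows the difference.

```python
import html
from urllib.parse import parse_qs, urlsplit

# Added example, not Xedus code: a minimal reconstruction of a test page that
# echoes the "username" query parameter, in a vulnerable and a hardened form.
# The page template and function names are assumptions for illustration.

PAGE = "<html><body>Hello, {user}!</body></html>"


def username_from_url(url: str) -> str:
    """Extract the (percent-decoded) username parameter from a request URL."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return params.get("username", [""])[0]


def render_vulnerable(username: str) -> str:
    """Interpolates the raw parameter into HTML: any markup in it is rendered."""
    return PAGE.format(user=username)


def render_hardened(username: str) -> str:
    """HTML-escapes the parameter so the browser shows it as text, not markup."""
    return PAGE.format(user=html.escape(username, quote=True))


def handle(url: str, hardened: bool = True) -> str:
    """Serve the test page for a request URL, with or without the fix."""
    user = username_from_url(url)
    return render_hardened(user) if hardened else render_vulnerable(user)


def body_has_raw_markup(page: str) -> bool:
    """Response check: does any unescaped angle bracket survive inside <body>?"""
    body = page.split("<body>", 1)[1].split("</body>", 1)[0]
    return "<" in body or ">" in body


if __name__ == "__main__":
    # Constructed probe: a harmless <b> tag in place of the advisory's [XSS] marker.
    probe = "http://host:4274/test.x?username=%3Cb%3Ebob%3C%2Fb%3E"
    for mode in (False, True):
        page = handle(probe, hardened=mode)
        label = "hardened" if mode else "vulnerable"
        print(label, "->", page, "| raw markup:", body_has_raw_markup(page))
```

The check in body_has_raw_markup is the kind of assertion a regression test for sample scripts would carry: whatever arrives in the parameter, no angle bracket may reach the body unescaped.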
A quick and easy way to resolve these XSS issues is to delete the .x files located in the ./sampledocs folder of the Xedus Webserver installation.

Directory Traversal Vulnerability:
Xedus webserver does not properly sanitize requests sent to the server. This vulnerability can be exploited to retrieve arbitrary, potentially sensitive files from the hosting computer with the privileges of the web server. This may aid a malicious user in further attacks.

http://host:4274/../data/log.txt
http://host:4274/../../../../../boot.ini
http://host:4274/../../../../../WINNT/repair/sam

It should be noted that by default the Xedus Webserver listens for incoming connections on port 4274; however, this value can be edited by the administrator of the Xedus webserver.

Solution:
I contacted the developers but never received a response. To resolve the Cross Site Scripting issue, simply remove the sample .x scripts located in the ./sampledocs directory.

Related Info:
The original advisory can be found at the following location:
http://www.gulftech.org/?node=research&article_id=00047-08302004

Credits:
James Bercegay of the GulfTech Security Research Team
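The traversal described above comes down to the server joining a request path onto its document root without normalizing it first. The following added example (not code from the advisory or from Xedus) shows the resolution step a server should perform, and runs it over constructed request lines that mirror the advisory's URLs. DOC_ROOT, the function names and the sample requests are assumptions; the check goes slightly beyond the advisory by also handling backslashes and percent-encoded dots, since the affected host runs Windows and URL decoding happens before path handling.

```python
import posixpath
from typing import List, Optional
from urllib.parse import unquote, urlsplit

# Added example, not Xedus code. DOC_ROOT and the request lines below are
# constructed for illustration; the traversal URLs mirror the advisory's examples.
DOC_ROOT = "/srv/xedus/www"


def safe_resolve(url: str, doc_root: str = DOC_ROOT) -> Optional[str]:
    """Map a request URL to a file path under doc_root.

    Returns None when the normalized path would escape the root. Decoding
    happens exactly once: "%2e%2e" becomes "..", but "%252e" does not.
    """
    path = unquote(urlsplit(url).path)
    # The advisory's target runs on Windows, where "\" is also a separator.
    path = path.replace("\\", "/")
    # Normalize relative to the root so that escaping paths begin with "..";
    # normalizing an absolute path would silently swallow a leading "/..".
    norm = posixpath.normpath(path.lstrip("/"))
    if norm == ".." or norm.startswith("../"):
        return None
    if norm == ".":
        return doc_root
    return posixpath.join(doc_root, norm)


SAMPLE_REQUESTS: List[str] = [  # constructed request lines
    "GET /index.x HTTP/1.0",
    "GET /../data/log.txt HTTP/1.0",
    "GET /../../../../../boot.ini HTTP/1.0",
    "GET /..%5C..%5C..%5C..%5C..%5CWINNT/repair/sam HTTP/1.0",
    "GET /docs/%2e%2e/%2e%2e/secret.txt HTTP/1.0",
    "GET /a/b/../c.html HTTP/1.0",
]


def flag_traversal(request_lines: List[str]) -> List[str]:
    """Return the request targets that would escape the document root."""
    flagged = []
    for line in request_lines:
        parts = line.split()
        if len(parts) < 2:
            continue
        if safe_resolve(parts[1]) is None:
            flagged.append(parts[1])
    return flagged


if __name__ == "__main__":
    for target in flag_traversal(SAMPLE_REQUESTS):
        print("traversal attempt:", target)
```

Note that "/a/b/../c.html" is accepted: ".." inside the tree is ordinary, and only a path whose normalized form climbs above the root is refused. The same function doubles as a log check, as flag_traversal shows.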