Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

MyWebServer 1.0.3

from [nekd0] Network Security [Permanent Link]
Subject: MyWebServer 1.0.3
Date: Mon, 27 Sep 2004 08:17:43 +0400 
Hello bugtraq,

                                -= Unl0ck Team Security Advisory =-

        ____ ___       __  _______           __      ___________
       |    |   \____ |  | \   _  \    ____ |  | __  \__    ___/___ _____    
_____
       |    |   /    \|  | /  /_\  \_ / ___\|  |/ /    |    |_/ __ \\__  \  /   
  \
       |    |  /   |  \  |_\  \_/   \  \___ |    <     |    |\  ___/ / __ \|  Y 
Y  \
       |______/|___|  /____/\_____  /\_____ >__|_ \    |____| \___  >____  
/__|_|  /
                    \/            \/       \/    \/               \/     \/     
 \/
                         ... the best way of protection is attack


Bug: Denial of service & non password admin panel access
(in all server configurations).
Product: MyWebServer 1.0.3
Risk: Medium
Vendor: http://www.mywebserver.org
Reference: http://unl0ck.blackhatz.info/advisories.html


Overview:
MyWebServer - web server for win.

Details:

Denial of service:
In order to crash the server you have to create more than 107
connections with the HTTP service very fast.


Non password admin panel access:
Any user can access http://localhost/admin in any server
configuration. Any user can access http://localhost/admin/ServerProperties.html
where you can change server properties and make ftp accounts with path in any
part of hard disk, what mean that - remote attacker may veiw any file on hard 
drive.


23/09/04.
(c) by unl0ck team.
http://unl0ck.blackhatz.info/ | http://unl0ck.net.ru


-- 
Best regards,
 nekd0                          mailto:nekd0@rambler.ru
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • MyWebServer 1.0.3, nekd0 <=
Previous by Date:  Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes, Seth Breidbart
Next by Date:  Re: New whitepaper "The Phishing Guide", Philip Stoev
Previous by Thread:  Php RFC1867 Upload Vuln. POC Released, Stefano Di Paola
Next by Thread:  MSSQL 7.0 DoS, securma
Indexes:  [Date] [Thread] [Top] [All Lists]