Exploit Miniweb 0.8.19 - Multiple Vulnerabilities

Exploiter

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
4923
Проверка EDB
  1. Пройдено
Автор
HAMID EBADI
Тип уязвимости
REMOTE
Платформа
WINDOWS
CVE
cve-2008-0338 cve-2008-0337
Дата публикации
2008-01-16
Код: 
MiniWeb Multiple Vulnerabilities

Introduction
MiniWeb is a mini HTTP server implementation written in C language,
featuring low system resource consumption, high efficiency, good
flexibility and high portability.
It is capable to serve multiple clients with a single thread,
supporting GET and POST methods, authentication, dynamic contents
(dynamic web page and page variable substitution) and file uploading.
MiniWeb runs on POSIX complaint OS, like Linux, as well as Microsoft Windows.
	
vulnerability discovered by : Hamid Ebadi  (ebadi _AT_ bugtraq.ir)

http://www.bugtraq.ir

complete advisory and also source code auditing can be found at :

	http://www.bugtraq.ir/adv/miniweb_persian.pdf  (persian)
	http://www.bugtraq.ir/adv/miniweb_english.pdf  (english)

vulnerable version : MiniWeb 0.8.19 (C)2005 Written by Stanley Huang
http://miniweb.sourceforge.net/
http://sourceforge.net/projects/miniweb

Description:

directory traversals  :

An input validation error in the URL request handling in
mwGetLocalFileName()   function ( http.c)  can  be exploited to
disclose arbitrary files (and also Directory listing)  outside the web
root via directory traversals  attacks via the " /.%2e/" or "/%2e%2e/"
 sequences

Proof of Concept :
Directory listing:
http://127.0.0.1:80/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/

disclose arbitrary files:
http://127.0.0.1:80/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/boot.ini


Heap based buffer overflow vulnerability :

There is also heap based buffer overflow in this web server
The vulnerability is caused due to a boundary error in
_mwProcessReadSocket() function (http.c) when handling HTTP requests.
This can be exploited by sending an overly long, specially crafted
request, which can cause a heap overflow and allow arbitrary code
execution with the privileges of the web service.


Proof of Concept :
GET /AAAA...[3600 - 4000]...AAAA/ HTTP/1.0

Solution:
Edit the source code (for more information see this article)

http://www.bugtraq.ir/adv/miniweb_persian.pdf  (persian)
http://www.bugtraq.ir/adv/miniweb_english.pdf  (english)

Copyright  : http://www.bugtraq.ir

# milw0rm.com [2008-01-16]
 
Источник
www.exploit-db.com
Войдите или зарегистрируйтесь для ответа.

Похожие темы

Exploiter
Exploit Miniweb 2.0 Site Builder Module - Multiple Cross-Site Scripting Vulnerabilities
Ответы
0
Просмотры
371
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Miniweb 2.0 Business Portal and Social Networking Platform - SQL Injection
Ответы
0
Просмотры
320
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit MiniWeb 0.8.19 - Remote Buffer Overflow
Ответы
0
Просмотры
337
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit MiniWeb 300 - Arbitrary File Upload (Metasploit)
Ответы
0
Просмотры
343
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit MiniWeb HTTP Server 300 - Crash (PoC)
Ответы
0
Просмотры
319
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Miniweb 2.0 Module Publisher - Blind SQL Injection / Cross-Site Scripting
Ответы
0
Просмотры
311
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Miniweb 2.0 Module Survey Pro - Blind SQL Injection / Cross-Site Scripting
Ответы
0
Просмотры
312
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Miniweb 2.0 - Full Path Disclosure
Ответы
0
Просмотры
292
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Miniweb 2.0 - Authentication Bypass
Ответы
0
Просмотры
317
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Miniweb 2.0 - 'historymonth' SQL Injection
Ответы
0
Просмотры
302
Эксплойты & Уязвимости
Exploiter
Exploiter
Сверху Снизу