- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 7966
- Проверка EDB
-
- Пройдено
- Автор
- E.WIZZ!
- Тип уязвимости
- REMOTE
- Платформа
- WINDOWS
- CVE
- null
- Дата публикации
- 2009-02-03
Код:
###################### NaviCopa webserver 3.0.1 Multiple Vulnerabilities #################
##### By: e.wiZz! Bosnian Idiot FTW!
##### Mail: [email protected]
##### Greetz goes to GYEZ(you know who you are lol)
In the wild...
################################################
##### Vendor site: http://www.navicopa.com/
##### Platforms: Windows OS only
#####Info: Award Winning NaviCOPA is ideal for business users who require a powerful and flexible Web Server,
but don't want to have to spend months learning how to configure it.
######[Script Source Disclousure]###############
If we add dot at end of URI,server won't execute script,so we can see source code:
PoC:
http://localhost/index.html.
###########[Buffer Overflow]#####################
Buffer Overflow exist if we supply more than 5400~ characters to root directory.Similar thing reported
at version 2.01 of this software https://www.securityfocus.com/bid/20250 (/cgi-bin/AAAA..)
PoC:
GET /AAAAAAAAAAAAAAAAAA... HTTP/1.0
In memory of shinnai.
# milw0rm.com [2009-02-03]- Источник
- www.exploit-db.com
