Exploit John Roy Pi3Web 1.0.1 - Buffer Overflow

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
20634
Проверка EDB
  1. Пройдено
Автор
JOETESTA
Тип уязвимости
DOS
Платформа
WINDOWS
CVE
cve-2001-0302
Дата публикации
2001-02-15
Код:
source: https://www.securityfocus.com/bid/2381/info


A buffer overflow vulnerability has been reported in John Roy Pi3Web web server. The ISAPI application within the server fails to properly handle user supplied input. Requesting a specially crafted URL will cause the buffer to overflow and possibly allow the execution of arbitrary code.

Pi3Web has also been known to disclose the physical path to the web root by requesting an invalid URL. 

http://target/isapi/tstisapi.dll?[a lot of 'A's]

http://localhost/[any string which causes a 404 error]
 
Источник
www.exploit-db.com

Похожие темы