hacking contest

hacking exploits security forum
hacking
compliance articles
upgrade backup exec
information security consultant
Help - Search - Member List - Calendar
Full Version: Mywebserver 1.0.3
GovernmentSecurity.org > The Archives > Exploit Articles
qcred11
Sep 28 2004, 02:16 AM
QUOTE


Bug: Denial of service & non password admin panel access
(in all server configurations).
Product: MyWebServer 1.0.3
Risk: Medium
Vendor: http://www.mywebserver.org
Reference: http://unl0ck.blackhatz.info/advisories.html

Overview:
MyWebServer - web server for win.

Details:

Denial of service:
In order to crash the server you have to create more than 107
connections with the HTTP service very fast.

Non password admin panel access:
Any user can access http://localhost/admin in any server
configuration. Any user can access http://localhost/admin/ServerProperties.html
where you can change server properties and make ftp accounts with path in any
part of hard disk, what mean that - remote attacker may veiw any file on hard drive.



Source: http://seclists.org/lists/bugtraq/2004/Sep/0352.html
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
 
Invision Power Board © 2001-2005 Invision Power Services, Inc.