Government Security
Network Security Resources

Jump to content

Photo

Xerver Http Server 4.32 Remote Denial Of Service Vulnerability

windows server bug vulnerability javascript denial of service
  • Please log in to reply
No replies to this topic

#1 qcred11

qcred11

    First Sergeant

  • Members
  • 2,544 posts

Posted 09 November 2009 - 11:33 PM


#################################################################################

#                                                                   	     	#

# [b]Xerver HTTP Server <= v4.32 Remote Denial of Service[/b]	 		        #

# Found By:	Dr_IDE				                                #

# Download:	http://www.javascript.nu/xerver                          	#

# Tested On:	Windows XPSP3                                            	#

#                                                                        	#

#################################################################################



- Description -



Xerver v4.32 is a Windows based HTTP server. This is the latest version of

the application available.



Xerver v4.32 is vulnerable to a remote denial of service through following means.



Xerver ships with a web based configuration program, essentially making this DoS

remote if and when the Remote Setup is running.



The admin package runs on port 32123 and does not require any form of 

authentication to make changes to the server configuration.



- Bug -



If the HTTP Server port is set to any kind of letter combination, the server will

crash and be unable to be restarted unless the configuration file is manually

edited to remove the letters and put back to a number (ie. 80).



- Example -



1. http://172.16.2.101:32123/?action=wizardStep1

2. Enter anything in the port field, "Dr_IDE"

3. Click Save and Continue



- Results - 



The server will crash hard, and you will be unable to restart it. You must edit the 

configuration file, Xerver2.cfg and replace the first line of the file with a Port

number.



- Note - 



I tried to make this a possible XSS attack but I couldn't manage. Perhaps someone 

else can figure it out.



Methods and variables of interest for this attack:



SubmitForm()

document.myForm.portNR.value="80" # default, any letters here would kill the server











Also tagged with one or more of these keywords: windows, server, bug, vulnerability, javascript, denial of service