vWebServer v1.2.0 (Others?)
----------------------------
Tested system: vWebServer v1.2.0 running under
Microsoft Windows 98 (Homepage/Download
www.vwebserver.com)

1- ASP file source disclosing:

Adding a unicoded space character at the end of
requested URL, vWebServer shows the ASP file instead
of executing it.

Example:
An example request looks this
http://www.TargetHost.com/anything.asp%20

2- DOS device filename vulnerability:

Under Windows 9x, using any DOS device names (aux,
con, prn, ...) as a filename or directory crashes
Windows.
vWebServer doesn't filter those requests.

Below example crashes both web server and Windows with
a blue screen of death.

Example:
http://www.TargetHost.com/aux/aux

3- Very long URL vulnerability:

Requesting a very long URL (i tried 8192 bytes long)
will resulted in Error #5, File error.
After requesting 2-3 times the same URL, web server
will no longer response anything. Restart needed.

Example:
http://www.TargetHost.com/AAAAAAAAA...(Ax8192)...AAA

Vendor: Informed and confirmed.

SmallHTTP (All versions vulnerable: 2.x Stables, 3.x
Latest beta 8)
---------------------------------------------------------------------

Server crashes after sending very long URL a few
times.

Example:

GET /AAA...AAA (8192) HTTP/1.0
Accept: ...
Host: ...
.
.
.

Vendor: Informed and confirmed.

Credits: Melih SARICA (melihsaryahoo.com )
        Bilgiteks IT (msaricabilgiteks.com)

__________________________________________________
Do You Yahoo!?
Get personalized email addresses from Yahoo! Mail
http://personal.mail.yahoo.com/

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]