Vulnwatch mailing list archives
[SCAN Associates Sdn Bhd Security Advisory] Foxweb 2.5 bufferoverflow in CGI and ISAPI extension
From: pokleyzz <pokleyzz () scan-associates net>
Date: Fri, 05 Sep 2003 09:41:37 +0800
SCAN Associates Sdn Bhd Security Advisory Products: Foxweb 2.5 (http://www.foxweb.com) Date: 5th September 2003 Author: pokleyzz <pokleyzz_at_scan-associates.net> Contributors: sk_at_scan-associates.net shaharil_at_scan-associates.net munir_at_scan-associates.net URL: http://www.scan-associates.net Summary: Foxweb 2.5 buffer in foxweb CGI and ISAPI extension Description ========FoxWeb is a Web application development tool, which can be used to quickly and easily integrate your FoxPro and client-server databases with the Web and to build interactive Web applications for intranets or the Internet. Take advantage of the fastest PC-based database engine and ease of use of Visual FoxPro to create dynamic Web content. Whether you are a seasoned developer or a "newbie," FoxWeb provides the tools and resources to help you create interactive applications in less time and with less effort.
Details ======There is buffer overflow in PATH_INFO for foxweb.dll and foxweb.exe from foxweb 2.5. It will occur when user suppy overlong PATH_INFO
(over 3000 byte). ex: http://www.com/scripts/foxweb.dll/[3000 A's]This stackbase overflow is easy to exploit and may lead to command execution as webuser.
Proof of concept ============ [see attachment] Vendor Response ============ Vendor has been contacted on 28th July 2003 and patch is available.
Attachment:
bazooka_penaka.pl
Description:
Current thread:
- [SCAN Associates Sdn Bhd Security Advisory] Foxweb 2.5 bufferoverflow in CGI and ISAPI extension pokleyzz (Sep 04)