51 lines
No EOL
1.9 KiB
Text
51 lines
No EOL
1.9 KiB
Text
#################################################################################
|
|
# #
|
|
# Xerver HTTP Server <= v4.32 Remote Denial of Service #
|
|
# Found By: Dr_IDE #
|
|
# Download: http://www.javascript.nu/xerver #
|
|
# Tested On: Windows XPSP3 #
|
|
# #
|
|
#################################################################################
|
|
|
|
- Description -
|
|
|
|
Xerver v4.32 is a Windows based HTTP server. This is the latest version of
|
|
the application available.
|
|
|
|
Xerver v4.32 is vulnerable to a remote denial of service through following means.
|
|
|
|
Xerver ships with a web based configuration program, essentially making this DoS
|
|
remote if and when the Remote Setup is running.
|
|
|
|
The admin package runs on port 32123 and does not require any form of
|
|
authentication to make changes to the server configuration.
|
|
|
|
- Bug -
|
|
|
|
If the HTTP Server port is set to any kind of letter combination, the server will
|
|
crash and be unable to be restarted unless the configuration file is manually
|
|
edited to remove the letters and put back to a number (ie. 80).
|
|
|
|
- Example -
|
|
|
|
1. http://172.16.2.101:32123/?action=wizardStep1
|
|
2. Enter anything in the port field, "Dr_IDE"
|
|
3. Click Save and Continue
|
|
|
|
- Results -
|
|
|
|
The server will crash hard, and you will be unable to restart it. You must edit the
|
|
configuration file, Xerver2.cfg and replace the first line of the file with a Port
|
|
number.
|
|
|
|
- Note -
|
|
|
|
I tried to make this a possible XSS attack but I couldn't manage. Perhaps someone
|
|
else can figure it out.
|
|
|
|
Methods and variables of interest for this attack:
|
|
|
|
SubmitForm()
|
|
document.myForm.portNR.value="80" # default, any letters here would kill the server
|
|
|
|
# milw0rm.com [2009-09-18] |