10 lines
No EOL
560 B
Text
10 lines
No EOL
560 B
Text
source: http://www.securityfocus.com/bid/2381/info
|
|
|
|
|
|
A buffer overflow vulnerability has been reported in John Roy Pi3Web web server. The ISAPI application within the server fails to properly handle user supplied input. Requesting a specially crafted URL will cause the buffer to overflow and possibly allow the execution of arbitrary code.
|
|
|
|
Pi3Web has also been known to disclose the physical path to the web root by requesting an invalid URL.
|
|
|
|
http://target/isapi/tstisapi.dll?[a lot of 'A's]
|
|
|
|
http://localhost/[any string which causes a 404 error] |