
NaviCopa webserver 3.01 Multiple Vulnerabilities






######################  NaviCopa webserver 3.0.1 Multiple Vulnerabilities   #################


##### By:  e.wiZz!    Bosnian Idiot FTW!

##### Mail: ew1zz@hotmail.com 

##### Greetz goes to GYEZ(you know who you are lol)




In the wild...

################################################

##### Vendor site: http://www.navicopa.com/ 

##### Platforms: Windows OS only

#####Info:  Award Winning NaviCOPA is ideal for business users who require a powerful and flexible Web Server,
but don't want to have to spend months learning how to configure it.



######[Script Source Disclosure]###############

If we add a dot at the end of the URI, the server won't execute the script, so we can see the source code:

PoC:

http://localhost/index.html. 



###########[Buffer Overflow]#####################

A buffer overflow exists if we supply more than ~5400 characters in a request to the root directory. A similar issue was reported
in version 2.01 of this software: http://www.securityfocus.com/bid/20250 (/cgi-bin/AAAA..)

PoC:

GET /AAAAAAAAAAAAAAAAAA... HTTP/1.0   
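
For defenders: a log check for both request patterns described above, as an added example that is not part of the original advisory. The Common Log Format input, the 2048-character path limit, and the names classify and scan are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

# Assumed limit: well under the ~5400 characters the advisory reports and
# well over any path a normal site serves. Tune it per deployment.
MAX_PATH_LEN = 2048

# Request field of a Common Log Format line (log format is an assumption).
REQUEST_RE = re.compile(r'"([A-Z]+) (\S+) HTTP/\d\.\d"')

# Constructed sample lines, not taken from a real server.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2009:10:00:00 +0000] "GET /index.html HTTP/1.0" 200 512',
    '192.0.2.11 - - [01/Jan/2009:10:00:05 +0000] "GET /index.html. HTTP/1.0" 200 512',
    '192.0.2.11 - - [01/Jan/2009:10:00:09 +0000] "GET /index.html%2e?x=1 HTTP/1.1" 200 512',
    '192.0.2.12 - - [01/Jan/2009:10:01:00 +0000] "GET /' + "A" * 6000 + ' HTTP/1.0" 500 0',
]


def classify(log_line):
    """Return the set of findings for one access-log line."""
    findings = set()
    match = REQUEST_RE.search(log_line)
    if not match:
        return findings
    path = match.group(2).split("?", 1)[0]  # drop the query string
    if len(path) > MAX_PATH_LEN:
        findings.add("overlong-path")
    # Decode first so an encoded dot (%2e) or space (%20) is not missed.
    last = unquote(path).rsplit("/", 1)[-1]
    # Win32 path handling drops trailing dots and spaces from a file name,
    # so "name.ext." opens "name.ext". "." and ".." are ordinary segments.
    if last not in ("", ".", "..") and last != last.rstrip(". "):
        findings.add("trailing-dot")
    return findings


def scan(lines):
    """Return (line_number, sorted findings) for every suspicious line."""
    hits = []
    for number, line in enumerate(lines, start=1):
        findings = classify(line)
        if findings:
            hits.append((number, sorted(findings)))
    return hits


if __name__ == "__main__":
    for number, findings in scan(SAMPLE_LOG):
        print(number, ", ".join(findings))
```

The same two conditions can be enforced as reject rules in a reverse proxy placed in front of the server, so the requests never reach it.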




In memory of shinnai.
