Snowblind Web Server: multiple issues

topic: Snowblind Web Server: multiple issues
product: Snowblind Web Server v1.0
risk: high
date: 05/16/2k3
tested platform: Windows 98 Second Edition
discovered by: euronymous /F0KP 
advisory urls:
contact email:


i have found a couple of issues in this http-server. they 
are: directory traversal and DoS attacks. 

directory traversal

1. you can read and download any file out of webroot:




2. also you can download any binary file in this manner:


this request will download the program file calc.exe under 
the name internal.sws


download webserver itself )).

3. directory listing out of webroot.

note: this bug works only if `Allow directory 
listings' is turned on [ it is on by default ].


will print contents of root directory on that disk 

Denial of Service

1. this url will crash webserver:


2. if you send a GET request that contains >=219 
characters, then you will crash the server..

request example:

GET /fff[ x 129 ]ffff HTTP/1.0
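
An added example, not part of the original advisory and not Snowblind's code: a request-line check of the kind that blocks both classes of issue reported above, refusing over-long request lines and any path that resolves outside the webroot. `WEBROOT`, `MAX_REQUEST_LINE`, `resolve` and `SAMPLES` are hypothetical names, and the sample requests are constructed.

```python
import posixpath
from urllib.parse import unquote

WEBROOT = "/srv/www"      # hypothetical webroot (assumption)
MAX_REQUEST_LINE = 200    # assumed cap; the advisory reports a crash at >=219 characters

def resolve(request_line, webroot=WEBROOT):
    """Return (status, absolute_path_or_None) for a request line without its CRLF."""
    # Refuse over-long lines up front, before any parsing or copying.
    if len(request_line) > MAX_REQUEST_LINE:
        return 414, None
    parts = request_line.split(" ")
    if len(parts) != 3 or parts[0] != "GET" or not parts[2].startswith("HTTP/"):
        return 400, None
    # Drop the query string, then percent-decode exactly once so %2e%2e
    # is seen as '..' (later stages must not decode the path again).
    path = unquote(parts[1].split("?", 1)[0])
    # Windows treats '\' as a separator; NUL bytes and drive letters are never valid.
    path = path.replace("\\", "/")
    if not path.startswith("/") or "\x00" in path or ":" in path:
        return 400, None
    # Collapse '.' and '..' lexically, then require the result to stay under webroot.
    # (On a real filesystem, also resolve symlinks before this comparison.)
    full = posixpath.normpath(posixpath.join(webroot, path.lstrip("/")))
    if full != webroot and not full.startswith(webroot + "/"):
        return 403, None
    return 200, full

# Constructed sample requests (not the advisory's own, which are missing from the page).
SAMPLES = [
    "GET /index.html HTTP/1.0",
    "GET /../../windows/calc.exe HTTP/1.0",
    "GET /%2e%2e/%2e%2e/ HTTP/1.0",
    "GET /..\\..\\ HTTP/1.0",
    "GET /" + "f" * 219 + " HTTP/1.0",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(resolve(line)[0], line[:40])
```

The containment test compares against `webroot + "/"` so that a sibling directory sharing the webroot's prefix is not mistaken for a path inside it.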

shouts: DWC, DHG, NetPoison, HUNGOSH,, 
N0b0d13s Team and all russian security guyz!! 
to kate especially )) 
hates: slavomira and other dirty ppl in *.kz $#%&^!  
k0dsweb lamers team == yeah, i really __HATE__ yours!!

im not a lame,
not yet a hacker
