Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Web :: Servers :: bt301.txt

Tornado www-server v1.2: directory traversal, buffer overflow





-----BEGIN PGP SIGNED MESSAGE-----


################################################################
#                     _____   __   __  ___                     #
#             ........\    \.|  |.|  |/   \........            #
#             :       /     \|  | |  |   __>      :            #
#             :      /   _   \  |_|  |  / __      :            #
#             :     /    /    \      | <_/  \     :            #
#             :..../   _/     /  _   |   `   \....:            #
#                : \_________/__| |__|_______/ :               #
#                :   Damage   Hacking   Group  :               #
#                :      Security  Advisory     :               #
#                :.............................:               #
#                                                              #
#                     http://www.dhgroup.org                   #
#b                                                            d#
##b,________________________________________________________.d##
|                                                              |
  Product: Tornado www-server v1.2
  Authors: www.softrex.com/tornado/
| Vulnerability: multiple bugs                                 |
#--------------------------------------------------------------#
| Overview:                                                    |
  ~~~~~~~~~

  Another one http server
|                                                              |
#--------------------------------------------------------------#
| Problem:                                                     |
  ~~~~~~~~

 This server is one BiG problem. IMHO is most dangerous server.
 Main bug in DNA ;D Attacker may see any files in system (but
 only if he know path and filename), may crash server (and exec
 malicious code) by sending long http request. Examples:

 www.server.com/../existing_file           <-file be showed
 
 www.server.com/aa[more than 471 chars]
|                                                              |
#--------------------------------------------------------------#
| Exploit:                                                     |
  ~~~~~~~~
  
 Naah, its not interesting. Lets authors code something better.
|                                                              |
#--------------------------------------------------------------#
| :wow:                                                        |
   ~~~
   NeKr0 /DHG                                 www.dhgroup.org
|                                                              |
#______________________________________________________________#
 \___________________________da_end___________________________/ 

Best regards               www.dhgroup.org
  D4rkGr3y                    icq 540981



-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>

iQCVAwUBPtaTMW4LIpseSJmPAQFU5AP/bO2H6whq/DXFdjYndYthn3sC35RlR6Lh
TF9tuOZyTPzsRwf0wKZEw3ivtyoAKVL3Qn6a+kCC7XE049TViDujQ5ykevkADl41
aA1E+wqV23xZjJfLuDBuJNgl2TbaJop+qYvrE5Rh83k81q4MdGLAuwQkM57M5xch
5JSPz5M1yC0=
=dw5D
-----END PGP SIGNATURE-----


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH