Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Windows Net Apps :: bt352.txt

MegaBrowser HTTP and FTP Vulnerabilities







Description

-----------------------------------------------------------

Megabrowser is a free standalone program that enables you to host

websites and FTP sites by utilizing its powerful advanced peer-to-peer 

features. You can now host websites and FTP sites without paying any 

hosting fees. Simply store your sites in the directories of your choice 

on your laptop or personal computer.







HTTP Directory Traversal Vulnerability

-----------------------------------------------------------

MegaBrowser HTTP server is vulnerable to a directory traversal

vulnerability which allows access to any file on the system as

well as directory viewing of the root web directory



http://www.someplace.com/../../../../../WINNT/repair/sam



http://www.someplace.com/../







FTP User Enumeration Vulnerability

-----------------------------------------------------------

While not as serious as the previously mentioned vuln, this still

poses a threat as it may allow an attacker to harvest a list of

valid FTP usernames on the system.



user blah

530 User can't log in

user anonymous

331 Anonymous access allowed, send identity (e-mail name) as password





These vulnerabilities are present in the current versions (0.71b) but may

affect earlier versions as well. Vendor was contacted but did not reply.





Credits go to JeiAr of GulfTech Computers and CSA Security Research



http://www.gulftech.org


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH