Web Server 4D/eCommerce vulnerabilities
by Nikola Strahija on January 15th, 2002 Two vulnerabilities have been found in this webserver from MDG. As in a lot of web servers, almost standard directory traversal and buffer overflow vulnerabilities apply.
Denial of Service
Server crashes after sending very long URL a few times.
http://host/AAAAAAAAA...(Ax2500)...AAA
Directory Traversal
Example of viewing webserver's log file:
http://host/%2f..%2f..%2f../ws4d.log.txt
This is achievable if a specially crafted URL composed of double dot "../" directory traversal sequences, with Unicode character representations substituted for "/" and "" , is submitted to a host.
Vulnerable version:
Only tested version vulnerable is Web Server 4D/eCommerce 3.5.3 (Windows 2000).
Found by Tamer Sahin, securityoffice.net.