Home » Hacking News » Web Server 4D/eCommerce vulnerabilities

Web Server 4D/eCommerce vulnerabilities

by Nikola Strahija on January 15th, 2002 Two vulnerabilities have been found in this webserver from MDG. As in a lot of web servers, almost standard directory traversal and buffer overflow vulnerabilities apply.

Denial of Service
Server crashes after sending very long URL a few times.
http://host/AAAAAAAAA...(Ax2500)...AAA

Directory Traversal
Example of viewing webserver's log file:
http://host/%2f..%2f..%2f../ws4d.log.txt

This is achievable if a specially crafted URL composed of double dot "../" directory traversal sequences, with Unicode character representations substituted for "/" and "" , is submitted to a host.

Vulnerable version:
Only tested version vulnerable is Web Server 4D/eCommerce 3.5.3 (Windows 2000).

Found by Tamer Sahin, securityoffice.net.

From the forum

The forums are now OPEN AGAIN!

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Users login

JOIN XATRIX

Web Server 4D/eCommerce vulnerabilities

Related articles

Advisories

Vulnerabilities

From the forum

Newsletter signup

Free E-books

Contact