
Web Server 4D/eCommerce vulnerabilities

by Nikola Strahija on January 15th, 2002

Two vulnerabilities have been found in this web server from MDG. As with many web servers, the near-standard directory traversal and buffer overflow vulnerabilities apply.

Denial of Service
The server crashes after a very long URL is sent to it a few times.

Directory Traversal
Example of viewing webserver's log file:

This is achievable if a specially crafted URL, composed of double-dot "../" directory traversal sequences with Unicode character representations substituted for "/" and "\", is submitted to a host.
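
A request filter of the kind that stops both issues described above, written as an added example (it is not code from the advisory or from MDG). It rejects overlong URLs and decodes the path before looking for ".." segments; the length limit, the decode-round limit and the sample paths are assumptions made for the example.

```python
from urllib.parse import unquote_to_bytes

MAX_URL_LEN = 2048      # assumed limit; the advisory gives no crash length
MAX_DECODE_ROUNDS = 3   # assumed bound on nested percent-encoding


def check_request_path(raw_url: str) -> str:
    """Return "ok" or the reason the request should be rejected."""
    if len(raw_url) > MAX_URL_LEN:
        return "too-long"
    data = raw_url.split("?", 1)[0].encode("utf-8")
    # Decode repeatedly so an encoded separator cannot hide behind a second
    # layer of encoding; give up if the value never stabilises.
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote_to_bytes(data)
        if decoded == data:
            break
        data = decoded
    else:
        return "nested-encoding"
    try:
        # Strict UTF-8 decoding refuses overlong and malformed sequences.
        text = data.decode("utf-8", "strict")
    except UnicodeDecodeError:
        return "invalid-utf8"
    # Treat "\" like "/" (Windows host), then look for a ".." path segment.
    if ".." in text.replace("\\", "/").split("/"):
        return "traversal"
    return "ok"


# Constructed request paths, not taken from the advisory.
SAMPLE_REQUESTS = [
    "/index.html",
    "/shop/item%20list.html",
    "/..%2f..%5clogs/access.log",
    "/%252e%252e%252fconfig",
    "/" + "A" * 5000,
]


def classify(requests):
    return [check_request_path(r) for r in requests]


if __name__ == "__main__":
    for req, verdict in zip(SAMPLE_REQUESTS, classify(SAMPLE_REQUESTS)):
        print(f"{verdict:16} {req[:60]}")
```

The check runs on the decoded path, so it has to sit in front of whatever code finally maps the URL to a file; checking the raw string alone misses the encoded separators.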

Vulnerable version:
The only version tested and found vulnerable is Web Server 4D/eCommerce 3.5.3 (Windows 2000).

Found by Tamer Sahin,
