[Alert] Website's uploader.exe (from demo) vulnerable

Aleph One (aleph1@DFW.NET)
Thu, 04 Sep 1997 16:59:12 -0500

---------- Forwarded message ----------
Date: Thu, 4 Sep 1997 21:38:57 +0200
From: Herman de Vette <herman@INFO.NL>
To: NTBUGTRAQ@NTADVICE.COM
Subject: [Alert] Website's uploader.exe (from demo) vulnerable

[Alert] Website's uploader.exe (from demo) vulnerable

Check out what I found today (hope it's not an known bug yet)

O'reilly's webserver 'website' contains a demopackage that contains
the cgi-program uploader.exe. The following html-page was included with
it:
----------------------------------------
Upload a File

Upload a file

NOTE: Your browser must support file uploading.

Your name:         (required)

Email address:     (required)

                  NOTE: If you don't see a "browse" button below,
your browser

                  doesn 't support form-based file uploading. Netscape
2.0 and

                  later have this support.

File to upload:   

File description:  (required)
...
 ----------------------------------------- The program uploader.exe doesn't check anything at all. If you're lucky you're running windows NT and have put only "read/execute access" on cgi-win and other executable paths. Otherwise (win95) you have a real problem. You could create a CGI-program, next you change the HTML-file a little like this: ----------------------------------------- Upload Any File Anywhere

------------------------------------------ open the html-file in your browser, select a nice CGI-file to upload And run that CGI-program remotely. (No need to tell you what this CGI-program could do, could be .bat file too in one of website's other cgi-directories) SOLUTION: remove uploader.exe, delete it, empty your trash bin and use ftp for file-upload Herman de Vette herman@info.nl