Home / os / win7

GoAheaad Webserver Source Code Disclosure Vulnerability

Posted on 29 May 2010

<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN'><html><head><meta http-equiv='Content-Type' content='text/html; charset=windows-1251'><title>GoAheaad Webserver Source Code Disclosure Vulnerability</title><link rel='shortcut icon' href='/favicon.ico' type='image/x-icon'><link rel='alternate' type='application/rss+xml' title='Inj3ct0r RSS' href='/rss'></head><body><pre>=======================================================
GoAheaad Webserver Source Code Disclosure Vulnerability
=======================================================


# Exploit Title: GoAheaad Webserver Source Code Disclosure Vulnerability
# Date: 5-28-10
# Author: Sil3nt_Dre4m
# Software Link:
http://data.goahead.com/Software/Webserver/2.1.8/webs218.zip
# Version: 2.18 and earlier
# Tested on: Windows
# Affects: Windows platform only
# Code : http://ip.address.of.server/forms.asp.
http://ip.address.of.server/forms.asp%20
 
Description of Software: &quot;The GoAhead WebServer is a fast and efficient
standards-based Web server designed for cross-platform support.
While WebServer is designed for embedded devices it is nevertheless a fully
functional web server and its use is not limited to
embedded devices. WebServer's small foot-print and efficient design make it
well suited for a wide range of applications.&quot;
-quote from http://www.goahead.com/products/webserver/Default.aspx
 
Problem: Appending a '.' or '%20' to a URL will result in a source code
disclosure of whichever file is requested.
This did not work for files in /cgi-bin/ directory when tested, but seems to
work for other files/directories.
This technique only works on Windows systems, as Windows ignores periods and
spaces after files.
Sadly this software has not been updated since 2003 and remains public
despite known vulnerabilities dating to 2003/2004.


# <a href='http://inj3ct0r.com/'>Inj3ct0r.com</a> [2010-05-29]</pre><script type='text/javascript'>var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type='text/javascript'>try{var pageTracker = _gat._getTracker("UA-12725838-1");pageTracker._setDomainName("none");pageTracker._setAllowLinker(true);pageTracker._trackPageview();}catch(err){}</script></body></html>

 

TOP

Malware :

Exploits :