NaviCOPA Web Server 3.0.1 - Remote Buffer Overflow / Script Source Disclosure

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1057410 漏洞类型
发布时间 2009-02-03 更新时间 2009-02-03
CVE编号 N/A CNNVD-ID N/A
漏洞平台 Windows CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/7966
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
######################  NaviCopa webserver 3.0.1 Multiple Vulnerabilities   #################


##### By:  e.wiZz!    Bosnian Idiot FTW!

##### Mail:  ew1zz@hotmail.com

##### Greetz goes to GYEZ(you know who you are lol)




In the wild...

################################################

##### Vendor site:  http://www.navicopa.com/

##### Platforms: Windows OS only

#####Info:  Award Winning NaviCOPA is ideal for business users who require a powerful and flexible Web Server,
but don't want to have to spend months learning how to configure it.



######[Script Source Disclousure]###############

If we add dot at end of URI,server won't execute script,so we can see source code:

PoC:

http://localhost/index.html.



###########[Buffer Overflow]#####################

Buffer Overflow exist if we supply more than 5400~ characters to root directory.Similar thing reported
at version 2.01 of this software  http://www.securityfocus.com/bid/20250   (/cgi-bin/AAAA..)

PoC:

GET /AAAAAAAAAAAAAAAAAA... HTTP/1.0   




In memory of shinnai.

# milw0rm.com [2009-02-03]