John Roy Pi3Web Remote Buffer Overflow Vulnerability

Vulnerability ID: 1106219 | Vulnerability type: Boundary condition error
Published: 2001-02-15 | Updated: 2006-09-23
CVE ID: CVE-2001-0302 | CNNVD-ID: CNNVD-200105-030
Platform: Windows | CVSS score: 5.0
|Vulnerability source
https://www.exploit-db.com/exploits/20634
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200105-030
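|Vulnerability details
John Roy Pi3Web is a small web server. Its implementation contains multiple security vulnerabilities that a remote attacker may exploit to execute arbitrary commands on the host or to obtain information about the server. The John Roy Pi3Web server has a buffer overflow vulnerability: the ISAPI application shipped with it fails to properly handle user input, so a remote attacker who submits a specially crafted URL request can cause a buffer overflow on the server, potentially allowing arbitrary command execution. In addition, if an invalid URL is submitted, the John Roy Pi3Web service discloses the physical path of the web root.
|Exploit (EXP)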
source: http://www.securityfocus.com/bid/2381/info


A buffer overflow vulnerability has been reported in John Roy Pi3Web web server. The ISAPI application within the server fails to properly handle user supplied input. Requesting a specially crafted URL will cause the buffer to overflow and possibly allow the execution of arbitrary code.

Pi3Web has also been known to disclose the physical path to the web root by requesting an invalid URL. 

http://target/isapi/tstisapi.dll?[a lot of 'A's]

http://localhost/[any string which causes a 404 error]
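
A detection sketch for the oversized-query request described above, added here as an example (it is not code from the advisory or from Pi3Web). It assumes the server's access log is in Common Log Format and uses an assumed length threshold of 256 characters; the log lines are constructed samples.

```python
import re
from urllib.parse import urlsplit

ISAPI_PATH = "/isapi/tstisapi.dll"   # path named in the advisory
MAX_QUERY_LEN = 256                  # assumption: tune to the longest legitimate query

# Assumption: Common Log Format; only the fields used below are captured.
CLF = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) \S+')

# Constructed sample lines (documentation IP range), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [15/Feb/2001:10:00:00 +0000] "GET /isapi/tstisapi.dll?name=test HTTP/1.0" 200 512',
    '192.0.2.77 - - [15/Feb/2001:10:00:05 +0000] "GET /ISAPI/tstisapi.dll?' + "A" * 4000 + ' HTTP/1.0" 500 0',
    '192.0.2.10 - - [15/Feb/2001:10:00:09 +0000] "GET /index.html?' + "B" * 1000 + ' HTTP/1.0" 200 1024',
]

def longest_run(s):
    """Length of the longest run of a single repeated character (filler indicator)."""
    best = run = 0
    prev = None
    for ch in s:
        run = run + 1 if ch == prev else 1
        prev = ch
        best = max(best, run)
    return best

def flag_requests(lines, max_query=MAX_QUERY_LEN):
    """Return one finding per request to the ISAPI test DLL with an oversized query."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = CLF.match(line)
        if not m:
            continue                      # unparseable line: skip rather than guess
        parts = urlsplit(m["target"])
        # Windows paths are case-insensitive, so compare in lower case.
        if parts.path.lower() != ISAPI_PATH:
            continue
        if len(parts.query) > max_query:
            findings.append({"line": n, "ip": m["ip"], "status": int(m["status"]),
                             "query_len": len(parts.query),
                             "longest_run": longest_run(parts.query)})
    return findings

if __name__ == "__main__":
    for finding in flag_requests(SAMPLE_LOG):
        print(finding)
```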
|References

Source: BID
Name: 2381
Link: http://www.securityfocus.com/bid/2381
Source: BUGTRAQ
Name: 20010215 Vulnerabilities in Pi3Web Server
Link: http://archives.neohapsis.com/archives/bugtraq/2001-02/0316.html