Easy File Sharing Web Server Multiple Input Validation Vulnerabilities
BID:17046
Info
Easy File Sharing Web Server Multiple Input Validation Vulnerabilities
| Bugtraq ID: | 17046 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 09 2006 12:00AM |
| Updated: | Mar 11 2006 05:50AM |
| Credit: | Revnic Vasile is credited with the discovery of these vulnerabilities. |
| Vulnerable: |
EFS Software Easy File Sharing Web Server 3.2 |
| Not Vulnerable: | |
Discussion
Easy File Sharing Web Server Multiple Input Validation Vulnerabilities
Easy File Sharing Web Server is prone to multiple input-validation vulnerabilities. The application fails to properly sanitize user-supplied input before using it in dynamically generated content.
The issues include HTML-injection, denial-of-service, and arbitrary file-upload vulnerabilities.
An attacker can exploit these issues to steal cookie-based authentication credentials, control how the site is rendered to the user, cause the application to crash, and facilitate a compromise of the underlying computer.
Easy File Sharing Web Server is prone to multiple input-validation vulnerabilities. The application fails to properly sanitize user-supplied input before using it in dynamically generated content.
The issues include HTML-injection, denial-of-service, and arbitrary file-upload vulnerabilities.
An attacker can exploit these issues to steal cookie-based authentication credentials, control how the site is rendered to the user, cause the application to crash, and facilitate a compromise of the underlying computer.
Exploit / POC
Easy File Sharing Web Server Multiple Input Validation Vulnerabilities
These issues can be exploited through use of a web client.
The following proof-of-concept URIs are available:
Denial-of-service:
http://www.example.com/?%25n
Arbitrary file upload:
http://www.example.com/disk_c/Documents%20and%20Settings/All%20Users/Start%20Menu/Programs/Startup
These issues can be exploited through use of a web client.
The following proof-of-concept URIs are available:
Denial-of-service:
http://www.example.com/?%25n
Arbitrary file upload:
http://www.example.com/disk_c/Documents%20and%20Settings/All%20Users/Start%20Menu/Programs/Startup
Solution / Fix
Easy File Sharing Web Server Multiple Input Validation Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
References
Easy File Sharing Web Server Multiple Input Validation Vulnerabilities
References:
References: