Scribd Logo
Upload

Welcome to Scribd!

  • Attack Webserver OmniHTTPd

    Uploaded by

    Nguyen Duc Thanh
    15 views2 pages
    This document describes two security vulnerabilities in OmniHTTPd v2.07 web server that can be exploited to compromise systems. The first vulnerability allows corrupting or deleting arbitrary files on the server if their location is known. The second allows injecting code into the stats.pl script to enable directory listing. Instructions for exploiting these vulnerabilities using a publicly available script are provided. The document also shares links to vulnerability advisories and exploits for novice hackers to practice on.

    Original Description:

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Available Formats

    DOC, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document describes two security vulnerabilities in OmniHTTPd v2.07 web server that can be exploited to compromise systems. The first vulnerability allows corrupting or deleting arbitrary files on the server if their location is known. The second allows injecting code into the stats.pl script to enable directory listing. Instructions for exploiting these vulnerabilities using a publicly available script are provided. The document also shares links to vulnerability advisories and exploits for novice hackers to practice on.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as DOC, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as doc, pdf, or txt
    15 views2 pages

    Attack Webserver OmniHTTPd

    Uploaded by

    Nguyen Duc Thanh
    This document describes two security vulnerabilities in OmniHTTPd v2.07 web server that can be exploited to compromise systems. The first vulnerability allows corrupting or deleting arbitrary files on the server if their location is known. The second allows injecting code into the stats.pl script to enable directory listing. Instructions for exploiting these vulnerabilities using a publicly available script are provided. The document also shares links to vulnerability advisories and exploits for novice hackers to practice on.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as DOC, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as doc, pdf, or txt
    of 2

    Attack một Webserver OmniHTTPd v2.

    07 :

    trang này đã được đọc lần

    Chao cac ban! hom nay toi lai gioi thieu tiep voi ban cach Attack mot Webserver
    OmniHTTPd v2.07.

    OmniHTTPd la mot Webserver chay tren nen OS Win95/97/98/NT/2K. Den Version


    2.07 thi bi "Omnicron Technologies Corporation was notified via" phat hien ra 2 lo
    hong bao mat kha tram trong. OK! bay gio chung ta bat dau trao doi va tim hieu ve 2
    lo hong nay xtoi no tram trong ra sao? Dau tien tren may ban phai co cai Perl
    (Pratical Extraction And Reporting Language), va can phai tai doan Code cua "Joe
    Testa" de khai thac 2 lo hong bao mat nay.

    Lo hong thu nhat: Lo hong thu nhat cho phep cac Hacker co pha hong bat cu mot file
    nao tren Webserver....Dan den nhieu hau qua nghitoi trong. Neu nhu cac Hacker co
    the biet duoc chinh xac vi tri file ma minh can pha hoai. Gia su ban da co trong ta
    doan Code cua "Joe Testa". Ban ra DOS go:
    perl omnismash.pl localhost 80 -corrupt duong_dan_file_can_pha_huy

    VD: perl omnismash.pl localhost 80 -corrupt c:\autoexec.bat

    Dong lenh tren se pha hong file autoexec.bat tren Webserver...Ban co the tu do pha
    huy cac file khac neu nhu ban biet chinh xac vi tri cua no.

    Lo hong bao mat thu hai: Cac Hacker co the sua doi noi dung file stats.pl bang doan
    Script co san. Tat nhien la viec nay co ich cho viec Attack roi, chang ai thua com ma
    di sua lung tung ca. Ban ra DOS go:
    perl omnismash.pl localhost 80 -inject duong_dan_cua_file_stats.pl

    De lam duoc dieu nay ban phai biet chinh xac vi tri cua file stats.pl....Neu nhu
    OmniHTTPd duoc Setting o che do Default thi duong dan cua no co the la c:\httpd\cgi-
    bin ...Noi chung cai nay thi con tuy Server, tuy Admin....

    VD: perl omnismash.pl localhost 80 -inject c:\httpd\cgi-bin

    Neu thanh cong, file stats.pl da duoc thay the. Ban khoi dong Browser cua minh trong
    Form Address go http://localhost/cgi-bin/stats.pl?|dir thi ban se nhin thay duoc cac file
    trong trong thu muc cgi-bin. P..h..u vay la ban da Hack song mot Webserver Omni
    HTTPd roi do. Bua no toi len mang kitoi duoc duoc mot dia chi goi Bug Web (dai loai la
    cac trang Web bi dinh Bug...chuyen dung de cho cac Hacker moi vo nghe thuc hanh
    duoi day la dia chi cua no)

    http://www.tlsecurity.net/archive/exploits/02_01/[Vuln.05.02.2001].java.server.txt

    http://www.tlsecurity.net/archive/exploits/02_01/[Vuln.05.02.2001].hsweb.root.exposu
    re.txt

    http://www.tlsecurity.net/archive/exploits/02_01/[Vuln.05.02.2001].sedum.txt

    http://www.tlsecurity.net/archive/exploits/02_01/[Vuln.05.02.2001].bibliowebserver.txt
    http://www.tlsecurity.net/archive/exploits/02_01/[Vuln.05.02.2001].picserver.txt

    You might also like