Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:11765
HistoryMar 09, 2006 - 12:00 a.m.

Easy File Sharing Web Server Multiple Vulnerablilities

2006-03-0900:00:00
vulners.com
90

Easy File Sharing Web Server Multiple Vulnerablilities

Software: Easy File Sharing Web Server
Version: 3.2
Website: http://www.sharing-file.com/

Description:
Easy File Sharing Web Server is a Windows program that allows
you to host a secure peer-to-peer and web-based file sharing
system without any additional software or services.

Vulnerabilities:

1) Remote System Compromise:

A registered user can upload a malicious file to a Startup folder,
leading to system compromise after reboot.
http://192.168.1.1/disk_c/Documents%20and%20Settings/All%20Users/Start%20Menu/Programs/Startup

Exploit: not needed.

2) Denial of Service:

By sending a specifically crafted GET request, the EFS web server
will crash.

Exploit: http://192.168.1.1/?%25n

3) Cross-Site Scripting:

It is possible to insert arbitrary script code like
<script>alert(document.cookie);</script>
in "Description" field when creating a folder or uploading a file.

Tested on:
Windows 2000 SP4
Windows XP SP2

Credit:
Discovered by Revnic Vasile
[email protected]