NaviCopa webserver 3.01 Multiple Vulnerabilities

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: NaviCopa webserver 3.01 Multiple Vulnerabilities
From: ew1zz@xxxxxxxxxxx
Date: Mon, 2 Feb 2009 17:59:00 -0700
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

######################  NaviCopa webserver 3.0.1 Multiple Vulnerabilities   
#################


##### By:  e.wiZz!    Bosnian Idiot FTW!

##### Mail:  ew1zz@xxxxxxxxxxx

##### Greetz goes to GYEZ(you know who you are lol)




In the wild...

################################################

##### Vendor site:  http://www.navicopa.com/

##### Platforms: Windows OS only

#####Info:  Award Winning NaviCOPA is ideal for business users who require a 
powerful and flexible Web Server,
but don't want to have to spend months learning how to configure it.



######[Script Source Disclousure]###############

If we add dot at end of URI,server won't execute script,so we can see source 
code:

PoC:

http://localhost/index.html.



###########[Buffer Overflow]#####################

Buffer Overflow exist if we supply more than 5400~ characters to root 
directory.Similar thing reported
at version 2.01 of this software  http://www.securityfocus.com/bid/20250   
(/cgi-bin/AAAA..)

PoC:

GET /AAAAAAAAAAAAAAAAAA... HTTP/1.0   




In memory of shinnai.

Prev by Date: Security Advisory for Bugzilla 3.2.1, 3.0.7, and 3.3.2
Next by Date: SMF 1.1.7 Persistent XSS (requires permision to edit censor)
Previous by thread: Security Advisory for Bugzilla 3.2.1, 3.0.7, and 3.3.2
Next by thread: SMF 1.1.7 Persistent XSS (requires permision to edit censor)
Index(es):
- Date
- Thread