[10729] in bugtraq
Remote Exploit (Bug) in OmniHTTPd Web Server
daemon@ATHENA.MIT.EDU (Valentin Perelogin)
Sun Jun 6 13:26:12 1999
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: QUOTED-PRINTABLE
Message-Id: <3758C97E.68C9CC4B@parnu.ee>
Date: Sat, 5 Jun 1999 09:53:51 +0300
Reply-To: Valentin Perelogin <viktor@PARNU.EE>
From: Valentin Perelogin <viktor@PARNU.EE>
To: BUGTRAQ@NETSPACE.ORG
Hi all,
The exploit (bug) will make temp files on the server until servers hdd
is full.
And anyone can do it remotely.
By default visadmin.exe (Visitor Administrator) is in cgi-bin directory=
.
What you need to do, is to type this url:
http://omni.server/cgi-bin/visadmin.exe?user=3Dguest
Thats all. Now in some minutes is servers hdd full!!
Fix: Remove visadmin.exe from cgi-bin directory.
Valentin Perel=F5gin