[10729] in bugtraq


Remote Exploit (Bug) in OmniHTTPd Web Server

daemon@ATHENA.MIT.EDU (Valentin Perelogin)
Sun Jun 6 13:26:12 1999

Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: QUOTED-PRINTABLE
Message-Id: <3758C97E.68C9CC4B@parnu.ee>
Date: 	Sat, 5 Jun 1999 09:53:51 +0300
Reply-To: Valentin Perelogin <viktor@PARNU.EE>
From: Valentin Perelogin <viktor@PARNU.EE>
To: BUGTRAQ@NETSPACE.ORG

Hi all,
The exploit (bug) will make temp files on the server until the server's hdd
is full.
And anyone can do it remotely.
By default visadmin.exe (Visitor Administrator) is in the cgi-bin directory.

What you need to do is to type this URL:
http://omni.server/cgi-bin/visadmin.exe?user=guest
That's all. Now in some minutes the server's hdd is full!!

Fix: Remove visadmin.exe from cgi-bin directory.

Valentin Perelõgin
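
To see whether the URL in the post has been requested against a server, an administrator can scan the access log for requests that resolve to visadmin.exe. This is an added example, not part of the original post; it assumes the server writes Common Log Format access logs, and the sample lines and client addresses are constructed.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Assumed log layout (Common Log Format):
#   host ident user [time] "METHOD target PROTO" status size
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(\S+) (\S+)[^"]*" (\d{3}) \S+')

TARGET = "/cgi-bin/visadmin.exe"  # path named in the post


def normalize(target):
    """Drop the query string, decode %xx escapes, unify slashes and
    lowercase the path (paths on a Windows server are case-insensitive)."""
    path = unquote(target.split("?", 1)[0]).replace("\\", "/").lower()
    return re.sub(r"/+", "/", path)


def visadmin_hits(lines):
    """Return a Counter mapping client address -> requests for visadmin.exe."""
    hits = Counter()
    for line in lines:
        m = CLF.match(line)
        if m and normalize(m.group(3)) == TARGET:
            hits[m.group(1)] += 1
    return hits


# Constructed sample log lines (documentation address ranges).
SAMPLE_LOG = [
    '192.0.2.10 - - [05/Jun/1999:09:53:51 +0300] "GET /cgi-bin/visadmin.exe?user=guest HTTP/1.0" 200 512',
    '192.0.2.10 - - [05/Jun/1999:09:53:52 +0300] "GET /CGI-BIN/VisAdmin.EXE?user=guest HTTP/1.0" 200 512',
    '198.51.100.7 - - [05/Jun/1999:09:54:03 +0300] "GET /cgi-bin//%76isadmin.exe?user=guest HTTP/1.0" 200 512',
    '203.0.113.5 - - [05/Jun/1999:09:54:10 +0300] "GET /index.html HTTP/1.0" 200 1043',
    '203.0.113.5 - - [05/Jun/1999:09:54:11 +0300] "GET /cgi-bin/visadmin.exe.bak HTTP/1.0" 404 0',
]

if __name__ == "__main__":
    for client, count in visadmin_hits(SAMPLE_LOG).most_common():
        print(f"{client}\t{count} request(s) for {TARGET}")
```

Any hit means the file is still reachable and the fix in the post has not been applied.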
