Vendor: NaviCopa webserver
By: e.wiZz! Bosnian Idiot FTW!
CVSS: 7.5 HIGH
Script Source Disclosure, Buffer Overflow
CWE: 94, 119
Product Name: NaviCopa webserver
Affected Version From: 3.0.1
Affected Version To: 3.0.1
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows OS
2009

NaviCopa webserver 3.0.1 Multiple Vulnerabilities

If a dot is appended to the end of the URI, the server does not execute the script and returns its source code instead. A buffer overflow exists if more than approximately 5400 characters are supplied in a request to the root directory.

Mitigation:

Ensure that the web server is configured to not allow users to access source code of scripts.
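
A request screen for the two conditions described in this advisory, usable in front of the server or over access logs. This is an added example, not code from the advisory or from NaviCOPA; the function name `screen_request_line`, the 2048-character cap and the sample request lines are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

# Assumption: a cap well below the ~5400 characters the advisory reports.
MAX_TARGET_LEN = 2048
REQUEST_LINE = re.compile(r'^(?P<method>[A-Z]+) (?P<target>\S+) HTTP/\d\.\d$')

def screen_request_line(line, max_len=MAX_TARGET_LEN):
    """Return a list of findings for one HTTP request line (empty if clean)."""
    m = REQUEST_LINE.match(line.strip())
    if not m:
        return ["malformed-request-line"]
    findings = []
    target = m.group("target")
    if len(target) > max_len:
        findings.append("overlong-target")
    # Decode percent-escapes so "%2e" is treated like a literal dot.
    path = unquote(target.split("?", 1)[0])
    last_segment = path.rsplit("/", 1)[-1]
    # Win32 file APIs drop trailing dots and spaces from a name, so
    # "index.html." opens index.html; flag any such final segment.
    if last_segment not in ("", ".", "..") and last_segment != last_segment.rstrip(". "):
        findings.append("trailing-dot-or-space")
    return findings

# Constructed sample request lines (not captured traffic).
SAMPLES = [
    "GET /index.html HTTP/1.0",
    "GET /index.html. HTTP/1.0",
    "GET /index.html%2e?x=1 HTTP/1.1",
    "GET /" + "A" * 6000 + " HTTP/1.0",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample[:40], "->", screen_request_line(sample) or "ok")
```
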

Exploit-DB raw data:

######################  NaviCopa webserver 3.0.1 Multiple Vulnerabilities   #################


##### By:  e.wiZz!    Bosnian Idiot FTW!

##### Mail:  ew1zz@hotmail.com

##### Greetz goes to GYEZ(you know who you are lol)




In the wild...

################################################

##### Vendor site:  http://www.navicopa.com/

##### Platforms: Windows OS only

#####Info:  Award Winning NaviCOPA is ideal for business users who require a powerful and flexible Web Server,
but don't want to have to spend months learning how to configure it.



######[Script Source Disclosure]###############

If we add a dot at the end of the URI, the server won't execute the script, so we can see the source code:

PoC:

http://localhost/index.html.



###########[Buffer Overflow]#####################

A buffer overflow exists if we supply more than 5400~ characters to the root directory. A similar thing was reported
in version 2.01 of this software  https://www.securityfocus.com/bid/20250   (/cgi-bin/AAAA..)

PoC:

GET /AAAAAAAAAAAAAAAAAA... HTTP/1.0   




In memory of shinnai.

# milw0rm.com [2009-02-03]