Pegasi022.txt

Pegasi022.txt: Posted Mar 12, 2004; Authored by Donato Ferrante | Site autistici.org; Pegasi Web Server aka PWS version 0.2.2 is susceptible to cross site scripting and directory traversal attacks due to a lack of input validation.; tags | exploit, web, xss; SHA-256 | ccd71dc5d0be8fa6f24ab7dc8902149371dfd6778c4a2812f4af37674bae8aa3; Download | Favorite | View

Pegasi022.txt

                           Donato Ferrante


Application:  Pegasi Web Server (PWS)
              https://pws.sourceforge.net

Version:      0.2.2

Bugs:         Multiple Vulnerabilities

Author:       Donato Ferrante
              e-mail: fdonato@autistici.org
              web:    www.autistici.org/fdonato


xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

1. Description
2. The bugs
3. The code
4. The fix



xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

----------------
1. Description:
----------------

Vendor's Description:

"Pegasi Web Server (PWS) is a multithreading Java Web server. It is
written by students at the PegasiLUG as a project for Networking."



xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

-------------
2. The bugs:
-------------

[1] directory traversal bug: the program doesn't check for malicious
    patterns like "/../", so an attacker is able to navigate through
    the system simply using a browser.


[2] cross site scripting bug: the user input strings are not filtered
    and they will appear in the returned page.



xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

-------------
3. The code:
-------------

To test the vulnerabilities:

[1]

https://[host]:8080/../../../../etc/passwd

or:

https://[host]:8080/../


[2]

https://[host]:8080/<script>alert("Test")</script>



xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

------------
4. The fix:
------------

No fix.
The email addresses provided on the official website seem don't work.


If you want, you can use my following little patch, that should fix
the bugs for this version of Pegasi Web Server:

        ...
        ..
        .

( line: 30 of FileFinder.java ) FileFinder(String httpURIPath)
{

/* start of patch for [1] */


boolean done = false;

for(int z = 0; z < httpURIPath.length()-1; z++){
  if( httpURIPath.charAt(z) == '.' && httpURIPath.charAt(z+1) == '.'){
       this.status = -1;
       done = true;
  }
}

if( done == true ) return;


/* end of patch for [1] */

        .
        ..
        ...

                          - - - - -
        ...
        ..
        .

( line: 233 of Connection.java )

/* start of patch for [2] */


     case -1:    /* nothing found */
     {
       Misc.putSysMessage(0,"Requested file was NOT found.");
       output.outputError(404, " ");
       //before "output.outputError(404,httpURI);"
       break;
     }

     
/* end of patch for [2] */

      .
      ..
      ...



xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Top Authors In Last 30 Days

Red Hat 228 files
indoushka 168 files
Jay Turla 150 files
Ubuntu 69 files
h00die 54 files
juan vazquez 43 files
sinn3r 41 files
H D Moore 31 files
Karn Ganeshen 23 files
Pedro Ribeiro 22 files

File Archives

Systems

AIX (430)
Apple (2,114)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,125)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,587)
HPUX (881)
iOS (389)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,263)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (16,845)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,856)
UNIX (9,457)
UnixWare (188)
Windows (6,772)
Other

Pegasi022.txt

Pegasi022.txt

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Pegasi022.txt

Share This

Pegasi022.txt

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems