SecuriTeam - LiteWeb Authentication Bypassing

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus

Ask the Team
Mailing Lists
Advertising Info
Advisories
About SecuriTeam
Blogs

Brought to you by:

Suppliers of:

SecuriTeam in Your Inbox

New vulnerability?
New tool?
Tell us
(Our PGP key).

LiteWeb is "a powerful web server that handles multiple domains and supports PHP, Perl, MySQL, and much more".

A vulnerability in LiteWeb web server allows remote attackers to access password protected files by providing the remote server with a malformed URI.

Credit:
The information has been provided by Ziv Kamir.

Website Security Scan	Code Vulnerability Test	Network Assessment Tool
Detect hidden vulnerabilities	Exhaustive automated testing	Real-time, continuous security
Get guidance from professionals	of internal or 3rd party code.	scanning for your entire network

Protect your website!
Use an External Vulnerability Scanner!
Nothing to install. First report in 1 hour!
www.beyondsecurity.com/vulnerability-scanner

Vulnerable Systems:
* LiteWeb Server version 2.5

A remote user can access password-protected files on the server without having to authenticate by providing the remote server with a malformed URI:
http://Target/\admin\/login.html
http://Target//admin//login.html

	Microsoft Indeo Codec Memory Corruption Vulnerability
	HP DDMI Execution of Arbitrary Code
	Microsoft Windows License Logging Service Heap Corruption Vulnerability
	Microsoft Office Excel Code Execution Vulnerabilities
	Microsoft SharePoint 2007 ASP.NET Source Code Disclosure
	Microsoft Windows Local Security Authority Integer Overflow Vulnerability
	Windows Kernel Multiple Vulnerabilities
	Microsoft Windows ActiveX Indexing Service Memory Corruption Vulnerability
	Microsoft IIS FTP Service Code Execution and DoS Vulnerability
	Microsoft GDI+ Multiple Vulnerabilities
	Microsoft .NET Common Language Runtime Multiple Vulnereabilities
	Microsoft Active Template Library ActiveX Controls Multiple Vulnerabilities
	ActiveX Active Template Library Initialization Vulnerability
	Internet Explorer Multiple Remote Code Execution Vulnerabilities
	Windows Media Player ASF File Remote Code Execution

Featured Articles

	Microsoft Embedded OpenType Font Engine Heap Buffer Overflow (MS09-029)
	Virtualmin Multiple Vulnerabilities
	Microsoft WordPad Word97 Converter Stack Buffer Overflow Vulnerability (MS09-010)
	WordPress Unchecked Privileges in admin.php and Multiple Information Disclosures
	Microsoft PowerPoint Conversion Filter Heap Corruption Vulnerability (MS09-017)
	Adobe Shockwave Player Director File Parsing Pointer Overwrite
	Mozilla Firefox Java Applet Loading Vulnerability

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus - Blogs - CVEs