Author: 0x90
-
Archive: Cherokee Web Server 0.5.4 Denial Of Service
Name: Cherokee Web Server 0.5.4 Denial Of Service. Author: Usman Saeed. Company: Xc0re Security Research Group. Website: Xc0re.net. Date: 25/10/09. Tested on Windows. Disclaimer: [This code is for educational purposes, I would not be responsible for any misuse of this code] [*] Download…
-
Archive: BSR Webweaver 1.33 /script security Bypass vulnerability
BSR Webweaver 1.33. Author: Usman Saeed, Exploit @ Xc0re Security Research Group. [*] Date: 15/09/09 [*] http://www.brswebweaver.com/downloads.html [*] Attack type: Remote [*] Patch Status: Unpatched [*] Description: The ISAPI/CGI path is [%installdirectory%/scripts] and through HTTP the alias is [http://[host]/scripts]. The access security check is that if the attacker tries to…
-
Archive: Kolibri+ Webserver 2 Multiple Vulnerabilities
Kolibri+ Webserver 2 suffers from multiple vulnerabilities, namely directory traversal and denial of service. The vulnerability was reported on 6th of September 2009 by Xc0re Security Research Group. http://xc0re.net/index.php?p=1_19_Kolibri+-Webserver-2-multiple-vulnerabilities An attacker can easily crash the server, or send a crafted HTTP request to escape the root directory and view any file, even outside the…
-
Archive: Web Application firewall bypass!
Web application security is very important nowadays, especially due to e-commerce. Hence web application firewalls came into being, which automatically filter out malicious query strings. Many high-end technology giants have them installed. But what if someone bypasses the WAF (Web Application Firewall), and because of the…