TUCoPS :: Web :: Servers :: omniht.txt

OmniHTTPd Web Server comes with a sample CGI that can be used to fill the webservers disk.


[ http://www.rootshell.com/ ]

Date:         Sat, 5 Jun 1999 09:53:51 +0300
From:         Valentin Perelogin <viktor@PARNU.EE>
Subject:      Remote Exploit (Bug) in OmniHTTPd Web Server

Hi all, The exploit (bug) will make temp files on the server until servers
hdd is full. And anyone can do it remotely. By default visadmin.exe (Visitor
Administrator) is in cgi-bin directory.

What you need to do, is to type this url:

http://omni.server/cgi-bin/visadmin.exe?user=guest

Thats all. Now in some minutes is servers hdd full!!

Fix: Remove visadmin.exe from cgi-bin directory.

Valentin Perelġgin


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH