Vulnerability

Alibaba

Affected

Alibaba 2.0

Description

Thomas Dullien found the following. He tried a little freeware webserver named Alibaba 2.0 and found an exploitable overflow. He telnetted to 127.0.0.1:80 and crashed it using

    POST [enter 1028 'x'] / HTTP/1.0

From a disassembled listing Thomas found that it uses a

    scanf("%s %s %s", szName, szFile, szSomething);

where szFile is a local variable of 0x400 (=1024) bytes on the stack directly above the return address. Coding an exploit for this is going to be a little tricky as it mustn't have any 0x20, 0x00, 0x61-0x7A in it since these bytes are changed by the foregoing function that converts everything into uppercase.

Solution

The authors were contacted but they stated that since it's freeware there will be no support for it!?
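
The unbounded read described under Description, shown as an added example (not code from Alibaba or from the original report): a request-line parser that measures each token before copying it into a fixed buffer. FILE_MAX matches the 0x400-byte szFile reported above; TOKEN_MAX, the function names and the sample requests are assumptions.

```c
#include <stdio.h>
#include <string.h>

#define FILE_MAX  0x400  /* szFile size reported on the page (1024 bytes) */
#define TOKEN_MAX 16     /* assumed size of the method and version buffers */

/* Reported pattern, for contrast: scanf("%s %s %s", szName, szFile, szSomething);
 * A width such as %1023s would bound the copy but split an over-long token
 * into the next field, so each token is measured before it is copied. */
static int take_token(const char **p, char *out, size_t cap)
{
    *p += strspn(*p, " \t");
    size_t len = strcspn(*p, " \t\r\n");
    if (len == 0 || len >= cap)
        return -1;               /* empty, or would not fit with its NUL */
    memcpy(out, *p, len);
    out[len] = '\0';
    *p += len;
    return 0;
}

/* Returns 0 if the line is exactly three tokens that each fit, else -1. */
int parse_request_line(const char *line, char method[TOKEN_MAX],
                       char path[FILE_MAX], char version[TOKEN_MAX])
{
    const char *p = line;
    if (take_token(&p, method, TOKEN_MAX) != 0 ||
        take_token(&p, path, FILE_MAX) != 0 ||
        take_token(&p, version, TOKEN_MAX) != 0)
        return -1;
    p += strspn(p, " \t\r\n");
    return *p == '\0' ? 0 : -1;  /* trailing data after the third token */
}

int main(void)
{
    /* Constructed input: the request shape from the page, 1028 'x' bytes. */
    char line[2048], m[TOKEN_MAX], f[FILE_MAX], v[TOKEN_MAX];
    memcpy(line, "POST ", 5);
    memset(line + 5, 'x', 1028);
    strcpy(line + 5 + 1028, " / HTTP/1.0\r\n");
    printf("page request: %d\n", parse_request_line(line, m, f, v));
    printf("normal:       %d\n",
           parse_request_line("GET /index.html HTTP/1.0\r\n", m, f, v));
    return 0;
}
```

A server using this would answer a -1 result with an error response instead of processing the request.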