Damage Hacking Group
Security Advisory
http://www.dhgroup.org

Product: Tornado www-server v1.2
Authors: http://www.softrex.com/tornado/
Vulnerability: multiple bugs

#--------------------------------------------------------------#
Overview:
~~~~~~~~~
Another HTTP server.

#--------------------------------------------------------------#
Problem:
~~~~~~~~
This server is one BiG problem. IMHO it is the most dangerous server.
The main bug is in its DNA ;D
An attacker can read any file on the system (but only if he knows the
path and filename), and can crash the server (and execute malicious
code) by sending a long HTTP request.

Examples:
  www.server.com/../existing_file          <- the file will be shown
  www.server.com/aa[more than 471 chars]

#--------------------------------------------------------------#
Exploit:
~~~~~~~~
Naah, it's not interesting. Let the authors code something better.

#--------------------------------------------------------------#
:wow:
~~~
NeKr0 /DHG
www.dhgroup.org

Best regards
www.dhgroup.org
D4rkGr3y
icq 540981
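The two request-handling failures the advisory describes (a "/../" path that leaves the document root, and an over-long request) as seen from the server side, in an added example that is not code from the advisory or from Tornado. The function name safe_request_path and the 255-byte limit are assumptions of this example, and the URI is assumed to be percent-decoded before it is passed in.

```c
#include <stddef.h>
#include <string.h>

#define MAX_URI_LEN 255 /* assumed cap for this example, not Tornado's value */

static int is_sep(char c) { return c == '/' || c == '\\'; }

/* Map an already percent-decoded URI path onto docroot.
 * Returns 0 and fills out on success; -1 if the URI is over-long,
 * does not start with a separator, or would climb above docroot. */
int safe_request_path(const char *docroot, const char *uri,
                      char *out, size_t outlen)
{
    size_t root_len = strlen(docroot);
    size_t uri_len = strlen(uri);
    size_t len = root_len;            /* bytes used in out so far */

    if (uri_len == 0 || uri_len > MAX_URI_LEN || !is_sep(uri[0]))
        return -1;                    /* reject instead of truncating */
    if (root_len + uri_len + 1 > outlen)
        return -1;                    /* result never exceeds this bound */
    memcpy(out, docroot, root_len);

    const char *p = uri;
    while (*p) {
        while (is_sep(*p)) p++;       /* skip a run of separators */
        const char *seg = p;
        while (*p && !is_sep(*p)) p++;
        size_t n = (size_t)(p - seg);

        if (n == 0 || (n == 1 && seg[0] == '.'))
            continue;                 /* empty or "." segment */
        if (n == 2 && seg[0] == '.' && seg[1] == '.') {
            if (len == root_len)
                return -1;            /* ".." at docroot: traversal */
            while (out[--len] != '/') /* drop the last appended segment */
                ;
            continue;
        }
        out[len++] = '/';
        memcpy(out + len, seg, n);
        len += n;
    }
    out[len] = '\0';
    return 0;
}
```

The length check belongs before any copy into a fixed buffer, and the ".." check runs on the normalized segments, so "/a/../../x" is refused as well as "/../x".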