O'Reilly WebSite UPLOADER.EXE Vulnerable

Reported September 3, 1997 by Herman de Vette

Systems Affected

Systems running WebSite with UPLOADER.EXE in place

The Problem

WebSite ships with a program called UPLOADER.EXE that allows compatible Web clients to upload files to the Web server. Using UPLOADER.EXE with a modified HTML page allows an intruder to upload any file they wish, including malicious programs for execution on the Web server.

The following is from Herman:

The program uploader.exe doesn't check anything at all. If you're lucky, you're running Windows NT and have put only read/execute access on CGI-WIN and other executable paths. Otherwise (win95) you have a real problem. You could create a CGI program, next you change the HTML file.

Open the HTML file in your browser, select a nice CGI file to upload and run that CGI program remotely. (No need to tell you what this CGI program could do, could be .bat file too in one of Website's other CGI directories)

Herman de Vette

Stopping the Problem:

SOLUTION: remove uploader.exe, delete it, empty your trash bin and use ftp for file-uploads.
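
An added example, not part of the original advisory or of O'Reilly's fix: the destination and file-name checks whose absence the report describes, for a site that keeps an HTTP upload handler. It assumes the upload form supplies the target directory and file name; the paths, the extension list and the function names are hypothetical.

```python
import ntpath  # Windows path rules, usable on any host OS

# Assumed layout: the advisory names only the CGI-WIN directory; paths are hypothetical.
UPLOAD_ROOT = r"C:\WebSite\uploads"
EXECUTABLE_DIRS = (r"C:\WebSite\cgi-win",)
BLOCKED_EXTENSIONS = {".exe", ".bat", ".cmd", ".com", ".pif", ".scr"}


def _inside(path, root):
    """True if path is root itself or lies beneath it (case-insensitive)."""
    path = ntpath.normcase(ntpath.normpath(path))
    root = ntpath.normcase(ntpath.normpath(root)).rstrip("\\")
    return path == root or path.startswith(root + "\\")


def check_upload(client_dir, client_name,
                 upload_root=UPLOAD_ROOT, executable_dirs=EXECUTABLE_DIRS):
    """Validate a client-supplied directory and file name.

    Returns (True, resolved_path) or (False, reason).
    """
    # Keep only the last path component; Windows ignores trailing dots/spaces.
    name = ntpath.basename(client_name).rstrip(". ")
    if not name or ":" in name:  # empty, or drive / alternate data stream syntax
        return False, "bad file name"
    if ntpath.splitext(name)[1].lower() in BLOCKED_EXTENSIONS:
        return False, "executable extension"

    # join() lets an absolute client_dir replace the root, and normpath()
    # collapses "..", so the containment test below sees the real target.
    dest = ntpath.normpath(ntpath.join(upload_root, client_dir))
    if not _inside(dest, upload_root):
        return False, "destination outside upload root"
    if any(_inside(dest, d) for d in executable_dirs):
        return False, "destination is an executable directory"
    return True, ntpath.join(dest, name)
```

File-system permissions on the executable directories, as the report notes for Windows NT, remain the backstop if a check like this is bypassed.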

O'Reilly's Response:

The firm says a fix is available HERE. The revised uploader.exe was also included in WebSite 1.1g. HOWEVER, THE BUG IS PRESENT IN WEBSITE 2.0 BETA.

Credit:
Reported by Herman de Vette
Posted here at NTSecurity.Net September 5, 1997 12am