CVE-2007-1260
Published 2007-03-03
Priority P347, high
CVSS 2.0: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
EXPLOIT
EPSS: 5.36% (91.6th percentile)
Stack-based buffer overflow in the connectHandle function in server.cpp in WebMod 0.48 allows remote attackers to execute arbitrary code via a long string in the Content-Length HTTP header.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| webmod | webmod | — | — |
No detection rules found.
Exploit-DB
Horde Web-Mail 3.x - 'go.php' Remote File Disclosure
exploitdb·2008-01-06
CVE-2006-1260 Horde Web-Mail 3.x - 'go.php' Remote File Disclosure
---
----[ Horde Web-Mail Remote File Disclosure ... ITDefence.ru Antichat.ru ]
Horde Web-Mail Remote File Disclosure
Eugene Minaev [email protected]
At first look, this code is not vulnerable and we can only read remote files.
But parse_url is only a set of regular expressions and we can use nullbyte to deceive functi
Exploit-DB
WebMod 0.48 - Content-Length Remote Buffer Overflow
exploitdb·2007-03-01
CVE-2007-1260 WebMod 0.48 - Content-Length Remote Buffer Overflow
---
```c
/*
 * WebMod Stack Buffer Overflow
 *
 * by cybermind (Kevin Masterson)
 * [email protected]
 *
 * WebMod v0.48 exploit PoC code
 *
 */
#include
#include
#include
#define WIN32_LEAN_AND_MEAN
#include
#include
#pragma comment (lib, "ws2_32.lib")
/*
local variables in connectHandle():
    char *input;            4
    char buf[8192+1];       8193
    int i,j;                8
    int connfd;             4
    int myid;               4
    threaddata_t *tdata;    4
    httpquery_t query;      149036
    char tmp[1025];         1025
    int rcv;                4
    char clbuf[11];         11
    total:                  158293
    actual (due to padding): 158308
breakdown of types:
    typedef struct s_var {          546
        char name[33];              33
        char value[513];            513
    } var_s;
    typedef struct s_httpquery {    149036
        char method[11];            11
        char clientip[16];          16
        char url[257];              257
        char *get;                  4
        char *post;                 4
        char *cookies;              4
```
No writeups or analysis indexed.
References
http://cybermind.user.stfunoob.com/w48crash/
http://osvdb.org/33834
http://secunia.com/advisories/24346
http://www.securityfocus.com/bid/22788
https://exchange.xforce.ibmcloud.com/vulnerabilities/32755
https://www.exploit-db.com/exploits/3395
Published: 2007-03-03