John Roy Pi3Web 1.0.1 - Buffer Overflow

EDB-ID:

20634


Author:

joetesta

Type:

dos


Platform:

Windows

Date:

2001-02-15


source: https://www.securityfocus.com/bid/2381/info


A buffer overflow vulnerability has been reported in John Roy Pi3Web web server. The ISAPI application within the server fails to properly handle user supplied input. Requesting a specially crafted URL will cause the buffer to overflow and possibly allow the execution of arbitrary code.

Pi3Web has also been known to disclose the physical path to the web root by requesting an invalid URL. 

http://target/isapi/tstisapi.dll?[a lot of 'A's]

http://localhost/[any string which causes a 404 error]