From: Gadi Evron (ge@linuxbox.org)
Date: Mon Sep 10 2007 - 02:06:29 EDT
Every once in a while (last time a few months ago) someone emails one of
the mailing lists about searching for an example binary, mostly for:
- Reverse engineering for vulnerabilities, as a study tool.
- Testing fuzzers
Some of these exist, but I asked my employer, Beyond Security, to release
our test application, specific for testing fuzzing (built for the beSTORM
fuzzer). They agreed to release the HTTP version, following their
agreement to release our ANI XML specification.
The GUI allows you to choose what port your want to run it on, as well as
which vulnerabilities should be "active".
It is called Simple Web Server or SWS, and has the following
vulnerabilities:
1. Off-By-One in Content-Length (Integer overflow/malloc issue)
2. Overflow in User-Agent
3. Overflow in Method
4. Overflow in URI
5. Overflow in Host
6. Overflow in Version
7. Overflow in complete packet
8. Off By One in Receive function (linefeed/carriage return issue)
9. Overflow in Authorization Type
10. Overflow in Base64 decoded
11. Overflow in Username of authorization
12. Overflow in Password of authorization
13. Overflow in Body
14. Cross site scripting
It can be found on Beyond Security's website, here:
http://www.beyondsecurity.com/sws_overview.html
Thanks,
Gadi Evron.
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:06 EDT