Simple Web Server (SWS) Test Case
Simple Web Server version 3.0.3
MD5: e388d763b304e92b56717e1e66ba3f6a
SHA1: 229e7b865fb678ab2ead301e09ab528c306b0efe
Beyond Security's Simple Web Server (SWS) is a web server application created for internal testing of the beSTORM fuzzer during work on the HTTP 1.0 and HTTP 1.1 protocol modules. The server was built with a large set of common security holes, which allows testing of a fuzzing tool's functionality and scenario coverage.
The application's use has since evolved: it is now also used for training new engineers in basic exploitation and for customer training of QA Security engineers and Black Box Testers.
Technical details
The web server does not support the entire HTTP protocol suite; however, it will work as a standard web server with any browser.
Vulnerabilities found in the application:
- Off-By-One in Content-Length (Integer overflow/malloc issue)
- Overflow in User-Agent
- Overflow in Method
- Overflow in URI
- Overflow in Host
- Overflow in Version
- Overflow in complete packet
- Off-By-One in Receive function (linefeed/carriage return issue)
- Overflow in Authorization Type
- Overflow in Base64 decoded
- Overflow in Username of authorization
- Overflow in Password of authorization
- Overflow in Body
- Cross-site scripting
Disclaimer and legal notice
This web server MUST NEVER BE USED ON THE INTERNET: it is very vulnerable and can be trivially exploited. Beyond Security takes no responsibility for this software, nor for any use or misuse made of or with it. It is provided AS-IS with no warranty or liability.
Download
To download SWS, click here.
More beSTORM Test Cases
For more information about the beSTORM fuzzer and a demo download, click here.
To download the ANI 0day fuzzing module, click here.