Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Application (Web Server/CGI)  >   Twilight Utilities Web Server Vendors:   Twilight Utilities
Twilight Utilities Web Server 'postfile.exe' Lets Remote Users Upload Files to Arbitrary Locations
SecurityTracker Alert ID:  1009443
SecurityTracker URL:
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Mar 16 2004
Impact:   Execution of arbitrary code via network, Modification of system information, Modification of user information, User access via network
Exploit Included:  Yes  
Description:   Two vulnerabilities were reported in the Twilight Utilities Web Server in 'postfile.exe'. A remote user can upload files to arbitrary locations and may be able to execute arbitrary code.

Dr_insane reported that a remote user with access to 'postfile.exe' can supply a specially crafted filename for the 'attfile' value to trigger a buffer overflow. A demonstration exploit URL is provided:


It is also reported that the remote user can create files located outside of the web document directory. A demonstration exploit URL is provided:


The original advisory is available at:

Impact:   A remote user may be able to cause 'postfile.exe' to execute arbitrary code.

A remote user can upload files to arbitrary locations on the target system with the privileges of the web service.

Solution:   No solution was available at the time of this entry.
Vendor URL: (Links to External Site)
Cause:   Access control error, Boundary error, Input validation error
Underlying OS:  Windows (Any)

Message History:   None.

 Source Message Contents


TW-webserver Postfile.exe buffer overflow

Release Date:
March 16, 2004



Systems Affected:
Microsoft Windows NT 4.0 (all versions)
Microsoft Windows 2000 (SP3 and earlier)
Microsoft Windows XP (all versions)
Microsoft Windows 9x

Technical Description:
The default installation of Tw-webserver comes with a script named Postfile.exe that allow
a user to upload files on the server. Two problems have been identified that may allow an 
to use postfile.exe to compromise a remote server.
1) The first problem is a buffer overflow in postfile.exe when you try to upload a file 
that its
filename is greater than 250 bytes. Postfile.exe will crash by generating an error message:
0x77c1213b ------> 0x0000000000 , Memory could not be read

2)The second problem is that everyone can create files outside the www home directory 
using the postfile.exe.

The file "snif.html" will be created on the root drive. This attack could be used to Dos a 
server by filling up its
hard disk drive.

Pr00f of concept code:
sorry, nothing at the moment:)


Please send your comments to:


Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, LLC