Bug in Eupload
-----------------

| By Zero_Byte || zero_byte@bigfoot.com |
| ICQ# 98177781 |

1.1 - [ What is Eupload? ]

Eupload is a web utility that makes it easier to update web sites by means of CGI scripts. The tool allows files to be uploaded to the server through a web interface. Administrators can configure the script to create different users who are allowed to use the upload. It is ideal for an administrator who wants to let users upload files to the server without having to create new FTP accounts.

1.4 - [ Current versions ]

The current version is 1.0.

== == == == == == == == == == == == == == ==

2 - [ Bug ]

2.1 - [ Explanation ]

The bug is in the file 'password.txt', which is the file that holds all the users and their respective passwords, together with the directory where each user can work. Once created with all the data, this file is stored in the same directory as the CGI, and all the information is kept in plain text. This is a very serious problem, since it makes it very easy to take over the service and, as a consequence, to replace any file of the site.

3 - [ Exploitation ]

Exploitation is very simple, because the bug described above does not require many maneuvers to be exploited. The file can be accessed through the browser, which displays everything correctly. Once we get the login and the pass, we proceed to log on to the tool.

4 - [ Solution ]

Change the name of the file 'password.txt' and change the following configuration in the file 'upload.cgi':

my $PASSWORD_FILE = $DATA_DIR . 'PASSWORD.TXT';

Where 'password.txt' is the name that we will change to the new one that we have created.
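
A local check for the condition described in section 2.1, added here as an example and not part of the original advisory or of Eupload: it reads 'upload.cgi', resolves $PASSWORD_FILE, and reports whether that file sits inside the web root or is world-readable. The form of the $DATA_DIR line, the directory layout and the file contents are assumptions constructed for the demo; a file that is only renamed as in section 4 stays in the CGI directory and is still reported as served.

```python
import os
import re
import stat
import tempfile

# Assumption: $DATA_DIR is a quoted literal; only the $PASSWORD_FILE line is in the advisory.
DATA_DIR_RE = re.compile(r"""\$DATA_DIR\s*=\s*(['"])(.*?)\1""")
PW_FILE_RE = re.compile(r"""\$PASSWORD_FILE\s*=\s*\$DATA_DIR\s*\.\s*(['"])(.*?)\1""")


def password_file_path(cgi_path):
    """Resolve $PASSWORD_FILE as Perl would: plain concatenation, relative to the script."""
    with open(cgi_path, encoding="utf-8", errors="replace") as fh:
        source = fh.read()
    data_dir, pw_file = DATA_DIR_RE.search(source), PW_FILE_RE.search(source)
    if not (data_dir and pw_file):
        raise ValueError("no $DATA_DIR / $PASSWORD_FILE assignment found")
    cgi_dir = os.path.dirname(os.path.abspath(cgi_path))
    return os.path.realpath(os.path.join(cgi_dir, data_dir.group(2) + pw_file.group(2)))


def audit(cgi_path, web_root):
    """Return findings for the password file that cgi_path is configured to use."""
    pw_path = password_file_path(cgi_path)
    root = os.path.realpath(web_root)
    findings = []
    if os.path.commonpath([root, pw_path]) == root:
        findings.append("served: %s is inside the web root" % pw_path)
    if not os.path.exists(pw_path):
        findings.append("missing: %s" % pw_path)
    elif os.stat(pw_path).st_mode & stat.S_IROTH:
        findings.append("world-readable: %s" % pw_path)
    return findings


def demo(data_dir, name, mode):
    """Audit a constructed site layout (temp dir, made-up credentials); return finding labels."""
    with tempfile.TemporaryDirectory() as tmp:
        cgi_dir = os.path.join(tmp, "htdocs", "cgi-bin")
        os.makedirs(cgi_dir)
        os.makedirs(os.path.join(tmp, "private"))
        cgi = os.path.join(cgi_dir, "upload.cgi")
        with open(cgi, "w") as fh:
            fh.write("my $DATA_DIR = '%s';\nmy $PASSWORD_FILE = $DATA_DIR . '%s';\n" % (data_dir, name))
        pw_path = password_file_path(cgi)
        with open(pw_path, "w") as fh:
            fh.write("constructed-user:constructed-pass\n")
        os.chmod(pw_path, mode)
        return [f.split(":")[0] for f in audit(cgi, os.path.join(tmp, "htdocs"))]
```

An empty list from audit() means the configured file is outside the web root and not readable by other local users; it says nothing about how the passwords are stored inside the file.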