Search | Research | Contact Us Tuesday January 17, 2022
Most Viewed Items
  1 PHPXMLRPC Library Remote Code Execution
  2 Multiple Invision Power Board Vulnerabilities
  3 eBay And Amazon Still Vulnerable
  4 XOOPS 2.0.11 && Earlier Multiple Vulnerabilities
  5 Woltlab Burning Board SQL Injection Vulnerability
  6 When Small Mistakes Can Cause Big Problems
  7 Multiple Vulnerabilities In phpWebsite
  8 Critical Vulnerability In Help Center Live
  9 dbPowerAmp Buffer Overflow And DoS Vulnerabilities
10 Document Object Model Hijacking Explained
Need Secure Code?
Quick Search
You can use the form below to search our site. Just enter the keywords to search.
Home Services Archives Research Downloads Contact
Easy File Sharing Webserver v1.25 Vulnerabilities
August 24, 2021
Vendor : EFS Software Inc
Version : Easy File Sharing Webserver v1.25
Risk : Multiple Vulnerabilities

Easy File Sharing Web Server is a file sharing software that allows visitors to upload/download files easily through a Web Browser (IE,Netscape,Opera etc.). It can help you share files with your friends and colleagues. They can download files from your computer or upload files from theirs. They will not be required to install this software or any other software because an internet browser is enough. Easy File Sharing Web Server also provides a Bulletin Board System (Forum). It allows remote users to post messages and files to the forum.

Unauthorized System Access:
The authorization function used by EFS Webserver is supposed to keep just anyone from being able to access your files. But this is not the case and an attacker has read access to the entire hard drive by default.

This url will give an attacker read access to the entire C drive. The issue is exploited by requesting the name of a virtual folder on the server.

Denial of Service:
Easy File Sharing Web Server can be DoS'ed and even remotely crashed by sending a number of large HTTP requests to the web server. The CPU usage goes up to 99% and in some cases crash.

Proof Of Concept:

Vendor was contacted, but never replied to my emails.

James Bercegay of the GulfTech Security Research Team.