KNet v1.01

[Killswitch]

I have been developing a webserver in Purebasic, its really simple to use and I hope someone can find a use for it! Vesion v1.0 was released last night and I've only fixed a small problem with the server to make it v1.01 this morning.

If you find any bugs, problems or just have any comments please email me at:

evil_grunger@hotmail.com

Edit:

Download will now work, sorry about the lack of screenies!

Download Here!

[thefool]

cant download..

[blueznl]

no screenie no download...

[DoubleDutch]

cannot download...

[Killswitch]

Really sorry for the problems. The download link should now work (it does work for me), so hopefully you'll all be able to see KNet!

[Tommeh]

Ok i downloaded it and tryed it... My honest opinions? It needs a lot of work, It looks like a spruced up version of Atomic Web Server, and i'll tell you why it needs a lot of work.

Directory traversing is not blocked! This means if another person knows the name of the file, they can access ANY file they wish on your computer

The web server is very easy to crash by sending a long url string.

Good luck and have fun programming

[blueznl]

exe but no source?

[Killswitch]

Hey I'm not a stranger to hard work. You are right in one respect this webserver is based around Atomic but it is heavily modified (and I did get permission to sell the application commercially - but decided not to).

Directory traversing is not blocked! This means if another person knows the name of the file, they can access ANY file they wish on your computer

I have tried to replicate this and it doesn't seem to be true. Whenever a file is requested the base directory path is prefixed to the request file. If someone were to request C:\Windows it would end up as somthing like A:\Website\C:\Windows. A person could travel down into the sub directories of the root path, but I think this is an advantage. How many of you have seperate files on your server for seperate things, i.e. ../root/images/ ect. Please correct me if I am wrong on any of this.

In any case I will continue to update the program!

Edit:

Version 1.02 is now avaliable, with a new pop up menu for the task bar!

Download v1.02

[NoahPhense]

Let me know if you need a place to host.. You can use my server.

- np

www.liquidbuzz.com

[Tommeh]

Ok for instance:

Say i have mine with the root directory C:\home\webserver

Although you are adding C:\home\webserver onto the end, if somebody has a dir as \..\ regardless of the root directory, it will go one directory up

So we now have C:\home\webserver\..\ When you use any command to see if the file exists or read from it, it will read one directory up, and to do more than one directory, \...\ or \..\..\

So try it, place the web server in C:\program files\webserver, now create a file in C:\ called secret.txt, put something in it, and now try the url \..\..\secret.txt, so it might be http://127.0.0.1/../../secret.txt It will read straight from it!

This isnt just in windows its linux as well, the way to filter it out is to Remove any occourences of .. although there are other methods

Remove all occourences of the following:

..
/.
.\
/\
//
\\
\/
\.
./

That is just to be sure, i think there are a couple others but i'm really... really tired

[Killswitch]

Thanks Tommeh I didn't realise that that could happen. I've taken your adivice and now any incomming URL request is filtered to remove any one of those 'up-on' paths. That brings KNet upto v1.03!

Thanks for all your suggestions, from now on all KNet information can be found on www.stormystudios.com. (You'll also be able to download KNet there).

Keep sending in your suggestions and comments!

Edit:

v1.04b now avaliable. This proliforation in updates is all thanks to yours, and others, advice and comments - please don't stop them!

Direct download:

Download v1.04b

[GeoTrail]

Tommeh, that's a well known risk for pretty much all "baby" servers.
Good that you pointed that out

[Tommeh]

Uhmm... Theres more i've found out... quiet a few more :s Killswitch PM me if you need any info