RE: Trillian Remote DoS Attack - AIM

From: Eric Stevens (mightyeat_private)
Date: Tue Sep 24 2002 - 10:38:11 PDT

Next message: Marcin Jackowski: "Re: JSP source code exposure in Tomcat 4.x"

Previous message: Matthias Bauer: "Re: PHP source injection in phpWebSite"
Maybe in reply to: Spikeman: "Trillian Remote DoS Attack - AIM"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Tried unsuccessfully to replicate on Trillian 0.73, sending from Trillian
Pro 1.0.  Sent
P > O < C
by itself.  Sent during both encrypted, and non-encrypted sessions.  No
crash reported on either end.

-MightyE

-----Original Trimmed Message-----
From: Spikeman [mailto:spikemanat_private]
Subject: Trillian Remote DoS Attack - AIM


#########################
# Offending Data String #
#########################
Send a AOL IM to someone with this string anywhere in the message
(the spaces must be there)

P > O < C

And it will cause the application to crash. Other data strings do work IE
ee > 3e < 3dsaf
3 > 3 < 3
computer > security < now

Next message: Marcin Jackowski: "Re: JSP source code exposure in Tomcat 4.x"
Previous message: Matthias Bauer: "Re: PHP source injection in phpWebSite"
Maybe in reply to: Spikeman: "Trillian Remote DoS Attack - AIM"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Sep 24 2002 - 13:26:37 PDT