Bugtraq mailing list archives
Re: ICQ Webserver bug
From: kervel () SVENNIEBOY TERBANK KOTNET ORG (Frank Dekervel)
Date: Sat, 10 Apr 1999 20:45:56 +0200
humm, i d like to add one last thing to this according to me much too long thread. (seems some writers ain't thinking about the cause) if you have a look at the pseudocode below, which i suspect mirabilis to use, you ll find thousands of ways to exploit icq. fread(my_socket,"%s %s %s", getword, url, httpversion); /// if you only feed two or one word, it 'dumps core', gpf under windoze change the slashes in url to backslashes; url = "c:\program files\icq\webroot_dir\" + url; /// yes, this is the '../../../../' bug ... open(fd,url); read(fd,buffer); write(socket,buffer); close(socket); i think its this because i made small webserver earlier to see common bugs. i checked on the net, and the dynamic server of francois piete (known for delphi components) and various shareware servers, or remote admin modules for eg. proxy servers are vulnerable. greetz, kervel (kervel () svennieboy terbank kotnet org)
Current thread:
- Re: ICQ Webserver bug Ronald A. Jarrell (Apr 06)
- <Possible follow-ups>
- Re: ICQ Webserver bug José Reyes Cedeño (Apr 08)
- Re: ICQ Webserver bug Kaven Rousseau (Apr 08)
- Re: ICQ Webserver bug Frank Dekervel (Apr 10)
- ARP problem in Windows9X/NT Joel Jacobson (Apr 12)
- Re: ARP problem in Windows9X/NT gandalf () POBOX COM (Apr 12)
- Re: ARP problem in Windows9X/NT kay (Apr 13)
- Re: ARP problem in Windows9X/NT kay (Apr 13)
- Serious security holes in web anonimyzing services Patrick Oonk (Apr 13)
- Re: Serious security holes in web anonimyzing services Jeremey Barrett (Apr 13)
- Re: ARP problem in Windows9X/NT route () RESENTMENT INFONEXUS COM (Apr 13)
- Re: ARP problem in Windows9X/NT gandalf () POBOX COM (Apr 13)
- Re: ARP problem in Windows9X/NT route () RESENTMENT INFONEXUS COM (Apr 13)
- Re: ARP problem in Windows9X/NT Alan DeKok (Apr 13)