Vulnerability Development mailing list archives
ICQ Guestbook Exploit ?
From: mrousseau () LABCAL COM (Maxime Rousseau)
Date: Thu, 1 Jun 2000 09:41:44 -0400
Hi list, Someone (meliksah () meliksah net) in NTBugtraq has pointed out a bug in the impressively bad programmed ICQ, about all versions. It involves the personal web server feature of ICQ and overflowing the 'name' paramter of the guestbook.cgi. Has anyone gave a shot on this and see if its exploitable? The original poster makes no statements regarding the possible impact of this. As i am not very familiar with owning cgi stuff perhaps someone could enlighten me as the usefullness of this (read: do i have to fear armageddon). Mayhaps someone like rfp or some web-oriented person... Thx, M.
Current thread:
- ICQ Guestbook Exploit ? Maxime Rousseau (Jun 01)