Lucene search
K

ezboard-scx-sa-03.txt

🗓️ 26 May 2000 00:00:00Reported by Frazzle_FreckleType 
packetstorm
 packetstorm
🔗 packetstormsecurity.com👁 23 Views

Ezboard ver. 5.3.9 can become unreachable due to wildcard queries causing server strain.

Code
`=============================================================================  
Securax-SA-03 Security Advisory  
belgian.networking.security Dutch  
=============================================================================  
Topic: Ezboard ver. 5.3.9 can be caused unreachable.  
Announced: 2000-05-24  
Affects: Ezboard Ver. 5.3.9.  
Other versions not tested.  
=============================================================================  
  
  
  
Note: This entire advisory has been based upon trial and error results. We  
can not ensure the information below is 100% correct being that we have  
no source code to audit. This document is subject to change without  
prior notice.  
  
If you happen to find more information or problems concerning the below  
problem or further varients please contact ezboard themselves and/or  
[email protected].  
  
I. Problem Description  
-----------------------  
  
When someone visits http://pub4.ezboard.com/u*.showPublicProfile for example,  
every ezboard on server6.ezboard.com will become unreachable for anyone.  
The problem occurs when trying to Show a users public profile. When a user  
is replaced with '*' it causes the server to strain. If you want to make the  
ezboards on pub7.ezboard.com unreachable you can visit the following site as  
well: http://pub7.ezboard.com/u*.showPublicProfile. Not much research has  
been directed to locating the full list of pub* servers. Variable standard  
wildcard characters also cause the servers to have the same reaction, ie: $,  
&, @, etc.  
  
II. Impact  
  
Ezboard servers and client message boards, etc. can be caused to be lagged  
and unreachable while the service strains for large wildcard responses.  
Their could be made code that would take the server down fully.  
For example: perl -e 'for(;;){`(sleep 30;killall -9 lynx)|lynx http://address/`}'  
This is not tested.  
  
III. Solution  
  
The service has been notified and will hopefully be fixed within the near  
future to prevent and further misfortune for current clients/users in action  
of service. I would strongly suggest changing the character type of the  
standard wildcards which do special uneeded tasks.  
  
IV. Credits  
  
greetz: R00T-dude, securax, Zoa_Chien, Visjnu, Zym0t1c, HTWX, H4H, loophole and hhp.  
  
-Frazzle_Freckle([email protected]).  
=============================================================================  
For more information [email protected]  
Website http://www.securax.org  
Advisories/Text http://www.securax.org/pers  
-----------------------------------------------------------------------------`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

26 May 2000 00:00Current
7.4High risk
Vulners AI Score7.4
23