Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

ezboard-scx-sa-03.txt

🗓️ 26 May 2000 00:00:00Reported by Frazzle_FreckleType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 21 Views

Ezboard ver. 5.3.9 can become unreachable due to wildcard queries causing server strain.

Show more

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Code
`=============================================================================  
Securax-SA-03 Security Advisory  
belgian.networking.security Dutch  
=============================================================================  
Topic: Ezboard ver. 5.3.9 can be caused unreachable.  
Announced: 2000-05-24  
Affects: Ezboard Ver. 5.3.9.  
Other versions not tested.  
=============================================================================  
  
  
  
Note: This entire advisory has been based upon trial and error results. We  
can not ensure the information below is 100% correct being that we have  
no source code to audit. This document is subject to change without  
prior notice.  
  
If you happen to find more information or problems concerning the below  
problem or further varients please contact ezboard themselves and/or  
[email protected].  
  
I. Problem Description  
-----------------------  
  
When someone visits http://pub4.ezboard.com/u*.showPublicProfile for example,  
every ezboard on server6.ezboard.com will become unreachable for anyone.  
The problem occurs when trying to Show a users public profile. When a user  
is replaced with '*' it causes the server to strain. If you want to make the  
ezboards on pub7.ezboard.com unreachable you can visit the following site as  
well: http://pub7.ezboard.com/u*.showPublicProfile. Not much research has  
been directed to locating the full list of pub* servers. Variable standard  
wildcard characters also cause the servers to have the same reaction, ie: $,  
&, @, etc.  
  
II. Impact  
  
Ezboard servers and client message boards, etc. can be caused to be lagged  
and unreachable while the service strains for large wildcard responses.  
Their could be made code that would take the server down fully.  
For example: perl -e 'for(;;){`(sleep 30;killall -9 lynx)|lynx http://address/`}'  
This is not tested.  
  
III. Solution  
  
The service has been notified and will hopefully be fixed within the near  
future to prevent and further misfortune for current clients/users in action  
of service. I would strongly suggest changing the character type of the  
standard wildcards which do special uneeded tasks.  
  
IV. Credits  
  
greetz: R00T-dude, securax, Zoa_Chien, Visjnu, Zym0t1c, HTWX, H4H, loophole and hhp.  
  
-Frazzle_Freckle([email protected]).  
=============================================================================  
For more information [email protected]  
Website http://www.securax.org  
Advisories/Text http://www.securax.org/pers  
-----------------------------------------------------------------------------`

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
26 May 2000 00:00Current
7.4High risk
Vulners AI Score7.4
ezboard version 5.3.9server strainwildcard queriesservice notificationmessage boards.
21
.json
Report