packetstorm | Meliksah Ozoral | PACKETSTORM:21976
May 31, 2000 - 12:00 a.m.

icq.web.front.dos.txt

packetstormsecurity.com
` /\__ ____ _ /\____ /\__ ____  
\_ \ / _//\_ /:\ /\ /\_ ___ /\____ \___ \ \_ | _/  
/ : \/ . \ . | (__) | \. )\___ \ / .) \ / : \  
/ . . \ \_) . | / \ | / ( )__) / \ / \  
( ( ) )._) |___( )| . \ /\_. \( : )( : )  
\__/\_/\ /_ )_____ )\ / \__\_ )\____ )\___|_ / \___|_ /  
\/ \/ \/ \/ \/ \/ \/ \/  
---------------------------------------------------Meliksah Ozoral  
[E-mail [email protected]]------------------------------------  
----------------------------------------------------[ICQ 10390761]  
[ICQ Web Front Remote DoS Attack Vulnerability]-------------------  
------------------------------------------------------[29/05/2000]  
[www.meliksah.net]------------------------------------------------  
  
Affected Versions : 2000a - 99b - 99a ...  
I tested the bug on 2000a and 99b.  
  
Web Front is a simple service for hosting a home page on your own computer.  
This service includes guestbook.cgi, and you can crash a remote computer  
by using guestbook.cgi. First, test it on your own computer. Click on  
Services in the ICQ window. Select Free ICQ Homepage (or My ICQ Web Front).  
Select Activate Homepage (My ICQ Web Front); a Home icon will now appear  
beside your name in the Contact List of other users. Now run your browser  
and visit http://localhost . Click the guestbook icon, write something  
in your guestbook and send it. After this, type this URL in your browser:  
http://localhost/guestbook.cgi?name=01234567890012345678901234567890  
ICQ crashes!  
  
NOTE: ICQ Web Front requires authorization. If you try to use this URL directly, you  
should see the "Stop sending multiple comments, please" message or "HTTP Error  
403".  
Please follow all the steps in this text to test the bug!  
  
Greetings: Projman, Spook, Misoskian, Mikrop and others...  
  
  
  
\___ \/ ___/ E  
/ \ L __/\__  
_/ \_ I \ OO /  
\ \ / / K / \/ \  
\\ //\/\\ // $ ~~\/~~  
\\ / \\ / A 2000  
\/ \/ H  
  
`
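A detection-side sketch for the request shape described above, added here as an example and not part of the original advisory: it scans request lines for `guestbook.cgi` calls that carry a `name` query parameter and marks the ones answered with HTTP 403, the rejection the note mentions. The Common Log Format input (for instance from a proxy in front of the host), the function name and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Common Log Format (not taken from the advisory).
SAMPLE_LOG = """\
192.0.2.10 - - [31/May/2000:10:00:01 +0000] "GET /index.html HTTP/1.0" 200 512
192.0.2.10 - - [31/May/2000:10:00:09 +0000] "GET /guestbook.cgi?name=01234567890012345678901234567890 HTTP/1.0" 403 0
198.51.100.7 - - [31/May/2000:10:02:30 +0000] "GET /GuestBook.cgi?name=visitor&comment=hi HTTP/1.0" 200 128
198.51.100.7 - - [31/May/2000:10:02:41 +0000] "GET /guestbook.cgi HTTP/1.0" 200 900
""".splitlines()

# client, method, request target, status code
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')


def guestbook_name_requests(lines):
    """Return one record per request to guestbook.cgi that carries a `name`
    query parameter, the request shape given in the advisory."""
    hits = []
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # skip lines that are not parsable request entries
        client, method, target, status = m.groups()
        url = urlsplit(target)
        # Assumption: match the script name case-insensitively.
        if url.path.rsplit("/", 1)[-1].lower() != "guestbook.cgi":
            continue
        names = parse_qs(url.query, keep_blank_values=True).get("name")
        if names is None:
            continue  # guestbook page view without the parameter
        hits.append({
            "client": client,
            "method": method,
            "name_length": max(len(v) for v in names),
            # The advisory says a direct request is answered with HTTP 403.
            "rejected": status == "403",
        })
    return hits


if __name__ == "__main__":
    for hit in guestbook_name_requests(SAMPLE_LOG):
        print(hit)
```

Records with `rejected` set to false are the ones to review first, since those requests were not turned away with a 403.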