SecurityvulnsSECURITYVULNS:DOC:280ICQ Web Front Remote DoS Attack Vulnerability
/\__ ____ _ /\____ /\__ ____
\_ \ / //\ /:\ /\ /\_ ___ /\____ \___ \ \_ | /
/ : \/ . \ . | () | \. )\ \ / .) \ / : \
/ . . \ \) . | / \ | / ( )__) / \ / \
( ( ) ).) |( )| . \ /\. \( : )( : )
\/\/\ / )_____ )\ / \\_ )\____ )\| / \__| /
\/ \/ \/ \/ \/ \/ \/ \/
---------------------------------------------------Meliksah Ozoral
[E-mail [email protected]]------------------------------------
----------------------------------------------------[ICQ 10390761]
[ICQ Web Front Remote DoS Attack Vulnerability]-------------------
------------------------------------------------------[29/05/2000]
[www.meliksah.net]------------------------------------------------
Affected Versions : 2000a - 99b - 99a β¦
I tested bug on 2000a and 99b
Web front is a simple service to host a home page on your own computer.
This service include guestbook.cgi and you can crash remote computer
by using guestbook.cgi. Firstly test it on your own computer. Click on
Services in the ICQ Window. Select Free ICQ Homepage (or My ICQ Web Front).
Select Activate Homepage (My ICQ Web Front), a Home icon will now appear
beside your name in the Contact List of other users. Now run your browser
and visit http://localhost . Click the guestbook icon and write something
to your guestbook and send. After this, type this url in your browser :
http://localhost/guestbook.cgi?name=01234567890012345678901234567890
ICQ Crashed!
NOT : ICQ Web Front request authorize. If you try use this url directly you
should see "Stop sending multiple comments, please" message or "HTTP Error
403"
Please apply all steps in text to test bug!
Greetings: Projman, Spook, Misoskian, Mikrop and othersβ¦
\___ \/ ___/ E
/ \ L /\
/ \ I \ OO /
\ \ / / K / \/ \
\\ //\/\\ // $ \/
\\ / \\ / A 2000
\/ \/ H