[Full-Disclosure] Ok KF, i tell you about the buffer overflow in Sphera

From: Lorenzo Hernandez Garcia-Hierro (novappc_at_novappc.com)
Date: 06/14/03

  • Next message: Marc Ruef: "[Full-Disclosure] BlackICE PC Protection Cross Site Scripting Evasion"
    To: <full-disclosure@lists.netsys.com>
    Date: Sat, 14 Jun 2003 17:33:27 +0200
    
    

    Hi KF,
    all the information about the buffer overflow is in the report, but I can
    tell you:
    when you request the subbmitted.php file, the Sphera HD (Hosting Director)
    CP (control panel)
    makes the proper actions, checking only the vds_[vds user/number]|| variable
    and the boolean value, like true or false.
    If you send a large request in GET mode, the script makes a pick up in
    the server and the server becomes unstable, ok?
    And if you only modify the user variable, you can access other users'
    accounts!
    Regards,
    ------------------------------------------------------
    Lorenzo Hernandez Garcia-Hierro
    --- Computer Security Analyzer ---
    --Nova Projects Professional Coding--
    PGP: Keyfingerprint
    B6D7 5FCC 78B4 97C1 4010 56BC 0E5F 2AB2
    ID: 0x9C38E1D7
    **********************************
    www.novappc.com
    security.novappc.com
    www.lorenzohgh.com
    ______________________

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
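
The message above describes two gaps: no bound on the size of the GET request, and an account selected purely by a request variable. The PHP below is an added example of the corresponding server-side checks, not code from the original post or from Sphera; the parameter form `vds_<number>=true|false`, the session layout, the size cap and every function and constant name are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical names throughout; nothing here is taken from Sphera's code.
const MAX_QUERY_BYTES = 512; // assumed cap for this endpoint's query string

/**
 * Decide whether a control-panel request may act on the account it names.
 * $query is the raw query string; $session is server-side state set at login.
 * Returns [HTTP status, reason].
 */
function authorize_vds_request(string $query, array $session): array
{
    // 1. Bound the input before any parsing or copying happens.
    if (strlen($query) > MAX_QUERY_BYTES) {
        return [414, 'query string too long'];
    }
    parse_str($query, $params);

    // 2. Require exactly one vds_<number> parameter with a strict boolean value.
    $targets = [];
    foreach ($params as $name => $value) {
        if (is_string($value)
            && preg_match('/^vds_([0-9]{1,10})$/D', (string) $name, $m)) {
            $targets[] = [$m[1], $value];
        }
    }
    if (count($targets) !== 1) {
        return [400, 'expected exactly one vds_<number> parameter'];
    }
    [$id, $flag] = $targets[0];
    if ($flag !== 'true' && $flag !== 'false') {
        return [400, 'value must be true or false'];
    }

    // 3. The account comes from the authenticated session, not from the request.
    if ((string) ($session['vds_id'] ?? '') !== $id) {
        return [403, 'account does not match authenticated session'];
    }
    return [200, 'ok'];
}

// Constructed sample requests; the session belongs to VDS account 1042.
$session = ['vds_id' => '1042'];
$samples = ['vds_1042=true', 'vds_1043=true', 'vds_1042=' . str_repeat('A', 4096)];
foreach ($samples as $q) {
    [$status, $reason] = authorize_vds_request($q, $session);
    printf("%-24s -> %d %s\n", substr($q, 0, 24), $status, $reason);
}
```

With the constructed samples, the request for the session's own account is accepted, the request naming a different account is rejected with 403, and the oversized request is rejected with 414 before it is parsed.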

