[Full-Disclosure] Ok KF, i tell you about the buffer overflow in Sphera

From: Lorenzo Hernandez Garcia-Hierro (novappc_at_novappc.com)
Date: 06/14/03

  • Next message: Marc Ruef: "[Full-Disclosure] BlackICE PC Protection Cross Site Scripting Evasion"
    To: <full-disclosure@lists.netsys.com>
    Date: Sat, 14 Jun 2003 17:33:27 +0200
    
    

    Hi KF,
    all the information about the buffer overflow is in the report but i can
    tell you,
    when you request the subbmitted.php file , the sphera hd ( hosting director)
    cp ( control panel )
    make the proper actions only checking the vds_[vds user/number]|| variable
    and the boolean value like true or false,
    if you send a large request in the GET mode , the script makes a pick up in
    the server and the server becomes unstable , ok ?
    and if you only modify the user variable , you can acces another users
    accounts!.
    regards,
    ------------------------------------------------------
    Lorenzo Hernandez Garcia-Hierro
    --- Computer Security Analyzer ---
    --Nova Projects Professional Coding--
    PGP: Keyfingerprint
    B6D7 5FCC 78B4 97C1 4010 56BC 0E5F 2AB2
    ID: 0x9C38E1D7
    **********************************
    www.novappc.com
    security.novappc.com
    www.lorenzohgh.com
    ______________________

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html


  • Next message: Marc Ruef: "[Full-Disclosure] BlackICE PC Protection Cross Site Scripting Evasion"

    Relevant Pages

    • Re: Double click
      ... I have a form that folks use to report ... >> written with asp, and it submits to an asp page, and the results are ... > the user clicks the submit button a second time, before the first request ... > been received by the server. ...
      (microsoft.public.inetserver.asp.db)
    • Re: Spurious 403 - but why?
      ... can see the request coming from you and see the 403 in his logs? ... There is something odd in the 403 report: ... If you think this is a server error, ... F15 laptop], but it could certainly be triggered by something that the ...
      (uk.comp.os.linux)
    • Re: Simplest Ajax/Comet style way to avoid client timeouts in a slow request
      ... Since that report is going to e-mail, ... But how the server completes the request isn't really relevant - It ... Or is there a simpler way for the browser client to reset the client ...
      (comp.lang.javascript)
    • Re: Problem with aspx that takes very long time to complete the reques
      ... Or just have another webform generate the report, ... > allow the user to submit a request for a report on the browser and then ... > status of the submitted requests, with links to pages that display those ... > server that checks for either a file to be created in a specified folder ...
      (microsoft.public.dotnet.framework.aspnet)
    • [REVS] NTLM HTTP Authentication is Insecure By Design
      ... in front of a web server, and that proxy server shares a single TCP ... These are attacks that make use of non-RFC HTTP requests (HTTP Request ... the authentication is associated with the ...
      (Securiteam)