[Full-Disclosure] Ok KF, i tell you about the buffer overflow in Sphera
From: Lorenzo Hernandez Garcia-Hierro (novappc_at_novappc.com)
Date: 06/14/03
To: <full-disclosure@lists.netsys.com> Date: Sat, 14 Jun 2003 17:33:27 +0200
Hi KF,
all the information about the buffer overflow is in the report, but I can
tell you:
when you request the subbmitted.php file, the Sphera HD (Hosting Director)
CP (control panel)
makes the proper actions, only checking the vds_[vds user/number]|| variable
and the boolean value, like true or false.
If you send a large request in GET mode, the script makes a pick up in
the server and the server becomes unstable, ok?
And if you only modify the user variable, you can access another user's
accounts!
regards,
------------------------------------------------------
Lorenzo Hernandez Garcia-Hierro
--- Computer Security Analyzer ---
--Nova Projects Professional Coding--
PGP: Keyfingerprint
B6D7 5FCC 78B4 97C1 4010 56BC 0E5F 2AB2
ID: 0x9C38E1D7
**********************************
www.novappc.com
security.novappc.com
www.lorenzohgh.com
______________________
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
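
The two problems described in the message above (an oversized GET request and a user variable that is trusted as sent) map to two server-side checks. The following is an added example, not part of the original post and not Sphera code; the parameter names `vds_user` and `enabled` and the 2048-byte cap are assumptions made for illustration.

```python
from urllib.parse import parse_qs

MAX_QUERY_BYTES = 2048       # assumed cap, not a value from the post
ACCOUNT_PARAM = "vds_user"   # hypothetical parameter name
FLAG_PARAM = "enabled"       # hypothetical parameter name


def check_request(query_string: str, session_account: str) -> int:
    """Return the HTTP status a handler should answer with.

    session_account is the account bound to the authenticated session on
    the server side; it is never read from the request itself.
    """
    # Bound the input before parsing so an oversized GET is rejected early.
    if len(query_string.encode("utf-8", "replace")) > MAX_QUERY_BYTES:
        return 414  # URI Too Long
    try:
        params = parse_qs(query_string, strict_parsing=True, max_num_fields=8)
    except ValueError:
        return 400  # malformed query or too many fields
    account = params.get(ACCOUNT_PARAM, [])
    flag = params.get(FLAG_PARAM, [])
    # Require exactly one value each so repeated parameters cannot
    # make the check and the action see different values.
    if len(account) != 1 or len(flag) != 1:
        return 400
    if flag[0] not in ("true", "false"):
        return 400
    # Authorization: the requested account must be the session's own account.
    if account[0] != session_account:
        return 403
    return 200


if __name__ == "__main__":
    # Constructed sample requests for a session that owns account "1001".
    samples = [
        "vds_user=1001&enabled=true",
        "vds_user=1002&enabled=true",
        "vds_user=1001&enabled=" + "A" * 5000,
    ]
    for qs in samples:
        print(check_request(qs, "1001"), qs[:40])
```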