Penetration Testing mailing list archives
Format String vuln in Inktomi Search4.0
From: "Blurred Vision" <really_blurred_vision () hotmail com>
Date: Fri, 27 Feb 2004 08:17:54 +1100
Besides the discussion found here: http://lists.virus.org/dw-0day-0306/msg00071.htmlWhich confirms the existance of a format string bug, has anyone seen anymore on the following FS bug in inktomi search?
URL: http://<vuln_inktomisearch_server>/query.html?charset=%3 Internal Server Error Server cannot complete operationexceptions.UnicodeError: unknown encoding 0'<meta htPk k u': ', u'Server cannot complete operati
File httpsrvr.py, line 501, in parse_qscharset = "0'<meta htPk\031\002\240k\031\002 u': ', u'Server cannot comple enclst = [('charset', ["0'<meta htPk\031\002\240k\031\002 u': ', u'Server
ent = ['charset', '%3'] idx = 0 key = 'charset'lst = ["0'<meta htPk\031\002\240k\031\002 u': ', u'Server cannot complete
nodecode = [] qs = 'charset=%3'query = {'charset': ["0'<meta htPk\031\002\240k\031\002 u': ', u'Server ca
self = <httpsrvr.RequestHandler ('XXX.XXX.XXX.XXX', 56730)>val = "0'<meta htPk\031\002\240k\031\002 u': ', u'Server cannot complete o
File httpsrvr.py, line 778, in handle frag = '' netloc = '<vuln_inktomisearch_server>' parms = '' path = '/query.html' qs = 'charset=%3'query = {'charset': ["0'<meta htPk\031\002\240k\031\002 u': ', u'Server ca
req = '' scheme = 'http' self = <httpsrvr.RequestHandler ('XXX.XXX.XXX.XXX', 56730)> server = <httpsrvr.Server ('XXX.XXX.XXX.XXX', 80)> thr = 413 File httpsrvr.py, line 904, in __init__ client_address = ('XXX.XXX.XXX.XXX', 56730) sckt = <socket._socketobject instance at 21957c0> self = <httpsrvr.RequestHandler ('XXX.XXX.XXX.XXX', 56730)> server = <httpsrvr.Server ('XXX.XXX.XXX.XXX', 80)> _________________________________________________________________Hot chart ringtones and polyphonics. Go to http://ninemsn.com.au/mobilemania/default.asp
--------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Format String vuln in Inktomi Search4.0 Blurred Vision (Feb 27)