| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <002301c3580d$fd286d10$0265a8c0@mailserver> Date: Fri, 1 Aug 2003 15:04:19 +0545 From: "npguy" <npguy@...net.com> To: <ysgnet@...ica.com> Subject: phpbuilder.com unrestricted page! recently, 01 security submission has discovered a serious problem with phpbuilder.com ---[ about phpbuilder.com ]--- phpbuilder.com is one of the premier php site. Thousand of developer share and contribute their articles on php. ---[summary]--- the bug actually allows any user to launch DOS attack! phpbuilder.com has not restricton in "page", making it possible to tie up all the connection slots and consume a lot of CPU on the server. --[exploit]-- change the page value!. http://www.phpbuilder.com/columns/mattias20000105.php3?page=1 viz, http://www.phpbuilder.com/columns/mattias20000105.php3?page=1333 what about this? http://www.phpbuilder.com/columns/mattias20000105.php3?page=13333 and wait for result. there is not restricton in "page" variable, so u can assign upto 2^32...r u mad? ---[about 01 security submission]--- 01s.s is a small group having experience as security specialists, programmers and system administrators http://www.ysgnet.com/hn.
Powered by blists - more mailing lists