[10158] in bugtraq
Re: ICQ Webserver bug
daemon@ATHENA.MIT.EDU (Kaven Rousseau)
Fri Apr 9 18:00:28 1999
Date: Thu, 8 Apr 1999 19:30:18 -0400
Reply-To: Kaven Rousseau <rousseau@GLOBETROTTER.QC.CA>
From: Kaven Rousseau <rousseau@GLOBETROTTER.QC.CA>
To: BUGTRAQ@NETSPACE.ORG
At 08:45 1999-04-08 -0400, you wrote:
>>Well, my box was win 98, and the remote box I tested it against was
>>win 95. Didn't have anyone running NT handy to test against. However,
>>another person I corresponded with who was testing this did get it to
>>drop a 95 box, but not every time. Did it every time for me; but there's
>>apparently other factors that contribute as well.
>>
>>--
>>Ron Jarrell
>>VA Tech Computing Center
>
>I try to test this on my NT box ( NT server 4.00.1381, Sevice pack 3 ) and I
>could not reproduce the error. I've used ICQ Version 99a Beta v.2.13 Build
>1700. It would be beneficial if Ron Jarrell or Jan Vogelgesang, explained
>the procedure that they carried out to arrive to the error detailedly.
>
>Best regards, Jose.
I tested it against my own win98 box with IE5 final (english) result: I was
vulnerable.
My friend with win98 and ie4 (french) result: vulnerable
An other friend with win98 and IE5 (french) result: vulnerable
we were all using ICQ99a build 1700
Method used:
telnet to port 80
send: QUIT <LF>
it disconnects after 5 to 10 seconds.
,
|
| Kaven Rousseau
| rousseau@globetrotter.qc.ca
| FingerPrint: F1C8 F915 9F0F DD5E DACB 024B 5C6F 163D F097 40D6
`------------------- ---- -- -
