[14249] in bugtraq
ICQ remote DoS
daemon@ATHENA.MIT.EDU (Philip Stoev)
Sat Mar 11 19:48:58 2000
Message-Id: <000201bf8abb$720dfce0$61818ac3@YoTickets>
Date: Fri, 10 Mar 2000 20:06:43 +0200
Reply-To: Philip Stoev <philip_stoev@INAME.COM>
From: Philip Stoev <philip_stoev@INAME.COM>
X-To: bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM
This does not seem like something extraordinary, but somebody may find ground
to expand upon:
ICQ Version 99b Beta v.3.19 Build #2569
freshly downloaded today from www.icq.com
The My ICQ Page functionality turns an ICQ user's PC into (sort of) a web
server, listening on port 80. This web server serves a ready-made page with
various things on it, and among them -- a guestbook. Submissions to this
guestbook are handled by the guestbook.cgi script.
When an external visitor requests a URL like
http://icq-user-ip-address-here/guestbook.cgi
he or she will get a Forbidden HTTP reply. However, if the URL is
http://icq-user-ip-address-here/guestbook.cgi?
(with a ? at the end), ICQ will crash with a simple GPF.
I must admit that I did not bother to notify the developers, because the TOS
that pop up every now and then discourage me from doing so.
Philip