[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PersianHacker.NET 200502-05] WWWoard passwd

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: [PersianHacker.NET 200502-05] WWWoard passwd
From: Andrew guess <cybercop38@xxxxxxxxxxxx>
Date: 8 Feb 2005 12:44:54 -0000


Hi all, 


I know how this hole works and where it hits, also I have found a fix for it, 
so start applying or end up dieing....lmao


This is an example of the source code for the forum script:

Line 126:''''''''''End Add '''''''''''''''''''''
Line 127:
Line 128:hostInfo = Dns.GetHostByAddress(clientIp)
Line 129:
Line 130:if IsDBNull(hostInfo) then


and here is the fix:

[SocketException (0x2afc): The requested name is valid, but no data of the 
requested type was found]
   System.Net.Dns.GetHostByAddress(IPAddress address) +264
   System.Net.Dns.GetHostByAddress(String address) +54
   ASP.WriteDeny_aspx.__Render__control1(HtmlTextWriter __output, Control 
parameterContainer) in D:\Inetpub\wwwroot\ProcessDeny\WriteDeny.aspx:128
   System.Web.UI.Control.RenderChildren(HtmlTextWriter writer) +27
   System.Web.UI.Control.Render(HtmlTextWriter writer) +7
   System.Web.UI.Control.RenderControl(HtmlTextWriter writer) +243

What this does is denys access to the link (script) your trying to get into, 
meaning this one is passwd.txt via the wwwboard.

you will need to create a /processdeny script which ain't that hard, but I may 
be wrong just look into it.

Prev by Date: [SECURITY] [DSA 671-1] New xemacs21 packages fix arbitrary code execution
Next by Date: mailman email harvester
Previous by thread: [PersianHacker.NET 200502-05] WWWoard passwd
Next by thread: [USN-74-2] Fixed Postfix packages for USN-74-1
Index(es):
- Date
- Thread