Home page logo
/

bugtraq logo Bugtraq mailing list archives

ICQ remote DoS
From: philip_stoev () INAME COM (Philip Stoev)
Date: Fri, 10 Mar 2000 20:06:43 +0200


This does not seem something extraordinary, but somebody may find a ground
to expand upon:

ICQ Version 99b Beta v.3.19 Build #2569
freshly downloaded today from www.icq.com

The My ICQ Page functionality turns ICQ user's PC into (sort of) a web
server, listening on port 80. This web server serves an ready-made page with
various things on it, and among them -- a guestbook. Submissions to this
guestbook are hanlded by guestbook.cgi script.

When an external visitor requests an URL like

http://icq-user-ip-address-here/guestbook.cgi

, he or she will get a Forbidden HTTP reply. However, if the URL is

http://icq-user-ip-address-here/guestbook.cgi

(with a ? at the end), ICQ will crash with a simple GPF.

I must admit that I did not bother to notify the developers, because the TOS
that pop up every now and them discourage me to do so.

Philip


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault