<a href="http://g.adspeed.net/ad.php?do=clk&zid=14678&wd=728&ht=90&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=14678&wd=728&ht=90&pair=as" alt="i" width="728" height="90"/></a>

Nmap Security Scanner

Docs
Security Lists

Full Disclosure

More
Security Tools

Packet crafters

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

edgeos

Bugtraq: Re: Remotely Anywhere 'Accept-Charset' Parameter NULL Pointer

Re: Remotely Anywhere 'Accept-Charset' Parameter NULL Pointer

From: <patrick_at_aushack.com>
Date: Tue, 11 Mar 2008 14:03:56 +1100

Re:

http://www.securityfocus.com/bid/28175

Remotely Anywhere 'Accept-Charset' Parameter NULL Pointer Denial Of Service
Vulnerability

I just thought I'd add (while you're at it) that there are a few other bugs.

1) There is a service 'RAMaint' (a watchdog task). It runs as LocalSystem
(doesn't everything?!) and uses an unsafe (unquoted - c:\program.exe) path
in versions earlier than v8. v8 and onwards uses an absolute path.

2) There is an XSS in the RemotelyAnywhere HTTP service, which you can use
to steal cookies. Of course, you need to entice your target to visit the
address and send the cookie somewhere.

/img/<script>alert(document.cookie);</script>.html

The error is interpreted by the browser as text/html.

-Patrick
Received on Mar 11 2008

This message: [ Message body ]
Next message: ACROS Security: "ACROS Security: Session Fixation Vulnerability in WebLogic Administration Console (#2008-03-11-2)"
Previous message: security-alert_at_hp.com: "[security bulletin] HPSBUX02313 SSRT080015 rev.2 - HP-UX Running Apache, Remote Cross Site Scripting (XSS)"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]