Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Whether this is about ha.ckers.org, sla.ckers.org or some other project you are interested in or want to talk about, throw it in here to get feedback. 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
red bull vulnerability
Posted by: pixxellator
Date: June 10, 2007 11:10PM

I was wondering if anyone could find a vulnerability for this. http://www.redbullfusion.com/admin it runs on Apache 2.0.52 on a red hat server, a lot of the time you can get into cgi-bin or root with those. I'm looking for holes to fix in the server. Thanks so much for you contributions.

Options: ReplyQuote
Re: red bull vulnerability
Date: June 11, 2007 06:09AM

did you look them up here http://www.securityfocus.com/vulnerabilities ?

Options: ReplyQuote
Re: red bull vulnerability
Posted by: pixxellator
Date: June 11, 2007 07:32PM

no, thanks though... does it show how to implement these vulnerabilites, typically the title doesn't explain everything, but there are exceptions. I don't see anything about implementation. It'd be a wonder if anyone could help.

Options: ReplyQuote
Re: red bull vulnerability
Date: June 11, 2007 08:23PM

first do a vuln search on that site for that software and version. There it will give tab called exploit click it and most of the time will give a POC. Otherwise look up additional info. Use Google, everything you need can be found using it.

Options: ReplyQuote
Re: red bull vulnerability
Posted by: pixxellator
Date: June 11, 2007 08:55PM

it doesn't have apache 2.0.52, i looked under apache http server and red hat

Options: ReplyQuote
Re: red bull vulnerability
Date: June 11, 2007 09:19PM

yes it does. Choose Apache Software Foundation then choose Apache then choose version.

Options: ReplyQuote
Re: red bull vulnerability
Posted by: pixxellator
Date: June 16, 2007 11:39PM

dude, i don't know how to implement any of these things, can someone lend a hand? i just want to learn enough to figure it out on my own, then i'll stop bothering you all.

Options: ReplyQuote
Re: red bull vulnerability
Posted by: pixxellator
Date: June 28, 2007 07:01PM

please...... I can't learn if no one is willing to teach. I would really appreciate it.

Options: ReplyQuote
Re: red bull vulnerability
Posted by: Anonymous User
Date: June 28, 2007 11:25PM

Depends on what you want to know.

Apace 2.0.52 has a few vulns, among it a Denial of service attack:

Send multiple request to the server:

GET / HTTP/1.0\n
8000 spaces \n
8000 spaces \n
8000 spaces \n
8000 spaces \n
8000 spaces \n
8000 spaces \n
......etc...8000 times

Apache 2.052 will not kill it and hangs.

These kind of things are not uncommon, alot of buffer overflows/denial of service attacks on servers work this way. One form attack is the CRLF (Cariage returns & linefeeds) injection. You can send multiple request to a server at once and feed it carriage returns and linefeeds in the header.

You can Google up the specifics or look at the milw0rm database for actual exploits to learn form.

Options: ReplyQuote
Re: red bull vulnerability
Posted by: pixxellator
Date: June 30, 2007 09:23PM

thank you, that's more like what i was looking for. Now, I inject this, or how do i feed this to the server?

Options: ReplyQuote
Re: red bull vulnerability
Posted by: Anonymous User
Date: June 30, 2007 11:50PM

You could write a script to make requests to a server, it could be anything.
An actual exploit written into a simple perl script: http://milw0rm.com/exploits/613

Pretty straight forward.

Options: ReplyQuote


Sorry, only registered users may post in this forum.