Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Subject: ICQ Guestbook Exploit ?
From: Maxime Rousseau (mrousseauLABCAL.COM)
Date: Thu Jun 01 2000 - 08:41:44 CDT
- Next message: logistix: "Vulnerability in SNTS"
- Previous message: Blue Boar: "Re: Win 2000 & IE 'shell://' problem?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Someone (meliksahmeliksah.net) in NTBugtraq has pointed out a bug in
the impressively bad programmed ICQ, about all versions. It involves the
personal web server feature of ICQ and overflowing the 'name' paramter
of the guestbook.cgi. Has anyone gave a shot on this and see if its
exploitable? The original poster makes no statements regarding the
possible impact of this. As i am not very familiar with owning cgi stuff
perhaps someone could enlighten me as the usefullness of this (read: do
i have to fear armageddon). Mayhaps someone like rfp or some