Securax-SA-03 - Ezboard v5.3.9 remote dos attack via wildcards in URL.
ed822a1fc27e53ef490ca1eaffb4b388a0110ab561a1a5b201ae6e3397654cf5
=============================================================================
Securax-SA-03 Security Advisory
belgian.networking.security Dutch
=============================================================================
Topic: Ezboard ver. 5.3.9 can be caused unreachable.
Announced: 2000-05-24
Affects: Ezboard Ver. 5.3.9.
Other versions not tested.
=============================================================================
Note: This entire advisory has been based upon trial and error results. We
can not ensure the information below is 100% correct being that we have
no source code to audit. This document is subject to change without
prior notice.
If you happen to find more information or problems concerning the below
problem or further varients please contact ezboard themselves and/or
frazzle_freckle@hehe.com.
I. Problem Description
-----------------------
When someone visits http://pub4.ezboard.com/u*.showPublicProfile for example,
every ezboard on server6.ezboard.com will become unreachable for anyone.
The problem occurs when trying to Show a users public profile. When a user
is replaced with '*' it causes the server to strain. If you want to make the
ezboards on pub7.ezboard.com unreachable you can visit the following site as
well: http://pub7.ezboard.com/u*.showPublicProfile. Not much research has
been directed to locating the full list of pub* servers. Variable standard
wildcard characters also cause the servers to have the same reaction, ie: $,
&, @, etc.
II. Impact
Ezboard servers and client message boards, etc. can be caused to be lagged
and unreachable while the service strains for large wildcard responses.
Their could be made code that would take the server down fully.
For example: perl -e 'for(;;){`(sleep 30;killall -9 lynx)|lynx http://address/`}'
This is not tested.
III. Solution
The service has been notified and will hopefully be fixed within the near
future to prevent and further misfortune for current clients/users in action
of service. I would strongly suggest changing the character type of the
standard wildcards which do special uneeded tasks.
IV. Credits
greetz: R00T-dude, securax, Zoa_Chien, Visjnu, Zym0t1c, HTWX, H4H, loophole and hhp.
-Frazzle_Freckle(frazzle_freckle@hehe.com).
=============================================================================
For more information frazzle_freckle@hehe.com
Website http://www.securax.org
Advisories/Text http://www.securax.org/pers
-----------------------------------------------------------------------------