Skip to page content or Skip to Accesskey List.

Work

Main Page Content

Dos Attack In Counter Exe

Rated 3.91 (Ratings: 1)

Want more?

  • More articles in News
 

Daniel Cody

Member info

User since: 14 Dec 1998

Articles written: 146

A denial of service exists in counter.exe version 2.70, a fairly popular webhit counter used on the Win32 platform with web servers such as IIS and

WebSite Pro.

1) When someone requests :

http://no-such-server-really/scripts/counter.exe?%0A this will create an

entry in counter.log of a blank line then a ",1" . If the person then

refreshes their browser and requests it again you get an Access Violation in

counter.exe - the instruction at 0x00414c0a referenced memory at 0x00000000.

2) When someone requests:

http://no-such-server-really/scripts/counter.exe?AAAAAover-2200-As you get a

similar problem - though not a buffer overrun.

Whilst in a state of "hanging" all other vaild requests for counter are

queued and not dealt with until someone goes to the console and okays the AV

messages. Added to this memory can be consumed if the page is continuosly

requested.

Thanks to David Litchfield for the heads up

Dan lives a quiet life in the bustling city of Milwaukee, WI. Although he founded what would become evolt.org in 1998, he's since moved on to other projects and is now the owner of Progressive Networks, a Zimbra hosting company based in Milwaukee.

His personal site can be found at http://dancody.org/

The access keys for this page are: ALT (Control on a Mac) plus:

evolt.org Evolt.org is an all-volunteer resource for web developers made up of a discussion list, a browser archive, and member-submitted articles. This article is the property of its author, please do not redistribute or use elsewhere without checking with the author.