Possible Exploit/Vulnerability
Testing_Nuke_Bomb
Junior Member
Status: Offline
Posts: 5
Join Date: Feb 2005
Possible Exploit/Vulnerability - 02-08-2005, 10:11 AM

Okay, in regards to the ridiculous amount of post topics made to the test forum...

The presence of flood control certainly limited the number of posts that were made. The actual number of requests sent to the server exceeded successful posts by an extortionate figure.

This board doesn't appear to support guest posts, but for those that do, it means posts can be made remotely without any kind of authorisation, so long as a valid session is created. This is achieved by crafting a form in a single htm file. Even if login credentials are required in order to post, such data can still be applied to the form. Basically, this means that a user does not need to have a current connection to the target host to actually post a new thread or topic reply (or even other actions, such as private messaging).

Now the problem arises where a Javascript is called to reload the htm file, thus executing the script once again, consequently looping its action. What I did effectively rendered my system as paralysed since it consumed some 500 megabytes of resources whilst opening 30+ instances of the browser. Now I don't have the capabilities to exploit this to its fullest extent because I do not own a server. I'm not so sure this problem will be much of an issue if used by the average home user. However, for someone who does have a server and also the potential to apply or link to multiple proxies, flood control can thus be bypassed to an extent.

Worse still is if the script is located at a (malicious) web site that usually has high public traffic. Any visitor viewing a page with such scripting in it will inadvertently execute this script and consequently post a message to the target forum. This will obviously avoid the problem of flood control if multiple IP addresses are sending the requests.

Either way, whether or not a message/topic is successfully posted, traffic is still hitting the server. Persistent traffic can quite easily amount to denial of service.

The REAL problem is yet to be established. What if XSS was applied to the form action URL?
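The attack described in the post relies on the board accepting any POST that carries a valid session cookie, whatever page the form came from. The following is an added example (not code from the original post or from any particular forum software) of the server-side checks that close that gap: a per-session CSRF token the cross-site page cannot know, an Origin/Referer check, and flood control keyed on the session rather than the source IP. `FORUM_HOST`, `FLOOD_INTERVAL` and the `handle_new_post` signature are assumptions for the example.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Tuple
from urllib.parse import urlparse

SERVER_SECRET = secrets.token_bytes(32)   # constructed: per-deployment secret
FORUM_HOST = "forum.example"              # assumed hostname of the board
FLOOD_INTERVAL = 30.0                     # assumed: seconds between posts per session


def csrf_token(session_id: str) -> str:
    """Token bound to the session; a page on another site can neither read nor forge it."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def origin_allowed(origin: Optional[str], referer: Optional[str]) -> bool:
    """Accept only requests whose Origin (or, failing that, Referer) names this forum."""
    src = origin or referer
    if not src:
        return False          # a crafted .htm file opened locally sends neither
    return urlparse(src).hostname == FORUM_HOST


_last_post: Dict[str, float] = {}   # session_id -> time of last accepted post


def handle_new_post(session_id: str, form: Dict[str, str],
                    headers: Dict[str, str], now: float) -> Tuple[int, str]:
    """Return (HTTP status, reason); every check runs before anything is stored."""
    if not origin_allowed(headers.get("Origin"), headers.get("Referer")):
        return 403, "cross-site request"
    # Constant-time compare so token checking does not leak timing information.
    supplied = form.get("csrf_token", "")
    if not hmac.compare_digest(supplied, csrf_token(session_id)):
        return 403, "bad csrf token"
    # Flood control keyed on the session rather than the client IP, so one user
    # relaying through many proxies gains nothing; the token check above is what
    # stops other visitors' browsers from being used to post.
    last = _last_post.get(session_id)
    if last is not None and now - last < FLOOD_INTERVAL:
        return 429, "flood control"
    _last_post[session_id] = now
    return 200, "posted"
```

The token must be embedded in the forum's own post form and is validated on every state-changing request (new thread, reply, private message), not just on thread creation.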