You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
These are vulnerabilities that were discoverd during the "Auditing source code for vulnerabilities" workshop at Hack In The Box Dubai 2018.
Denial of Service
The openlitespeed server does not correctly handle requests for byte sequences allowing an attacker to amplify the response size by requesting the entire response body repeatedly. The following curl request illustrates this issue:
There are a number of buffer overflows in the web server source code. While many require administrative access to alter configuration to trigger, the following example can be triggered by a local user:
These are vulnerabilities that were discoverd during the "Auditing source code for vulnerabilities" workshop at Hack In The Box Dubai 2018.
Denial of Service
The openlitespeed server does not correctly handle requests for byte sequences allowing an attacker to amplify the response size by requesting the entire response body repeatedly. The following curl request illustrates this issue:
Multiple buffer overflow
There are a number of buffer overflows in the web server source code. While many require administrative access to alter configuration to trigger, the following example can be triggered by a local user:
The following proof of concept is offered to illustrate the buffer overflow:
The text was updated successfully, but these errors were encountered: