Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com
☎ 03 60 47 09 81 - info@securiteinfo.com
The ABB IDAL HTTP server mishandles format strings in a username or cookie during the authentication process. Attempting to authenticate with the username %25s%25p%25x%25n will crash the server. Sending %08x.AAAA.%08x.%08x will log memory content from the stack.
- http://packetstormsecurity.com/files/153404/ABB-IDAL-HTTP-Server-Uncontrolled-Format-String.html
- http://seclists.org/fulldisclosure/2019/Jun/43
No PoCs found on GitHub currently.