ABB IDAL HTTP Server Uncontrolled Format String
Posted by deepcore on June 25, 2019 – 1:59 pm
The IDAL HTTP server is vulnerable to memory corruption through insecure use of user supplied format strings. An attacker can abuse this functionality to bypass authentication or execute code on the server. The IDAL HTTP server does not safely handle username or cookie strings during the authentication process. Attempting to authenticate with the username “%25s%25p%25x%25n” will crash the server. Sending “%08x.AAAA.%08x.%08x” will log memory content from the stack.
Post a reply
You must be logged in to post a comment.