Bug in Parachat Chatroom System
Results 1 to 6 of 6

Thread: Bug in Parachat Chatroom System

  1. #1

    Bug in Parachat Chatroom System

    Parachat DoS Vulnerability Synopsis
    Written by Matt Smith aka Ratman (ratman6@Earthlink.net)
    Contributions by Amy Marie aka DraculaWoman (Marie33@atlantic.net)
    Presented by 12:01 Productions Computer Security and Research Division.

    Description:

    Parachat chatroom (http://www.parachat.com) servers have a security vulnerability that causes the chat client not to disconnect a user from the chat server if the user leaves the webpage where the room is located by using the Back or Forward buttons in the web browser in place of the logoff button. This allows for “phantom users” to be created in any Parachat chatroom that will remain present for 15 minutes. These users will be registered on the chat server as actual users.

    Implications:

    These “phantom users” can build up in a chatroom, easily causing a Denial Of Service (DoS) condition when the number of users exceeds the capacity of a chatroom. If several computers are involved in the attack a chatroom could be flooded to capacity in a matter of minutes. It is also conceivable that a program could be written to automate the exploit steps, making it simple for one computer to cause a DoS condition in a single chatroom. It is possible that such a program, when used to create a Distributed Denial of Service (DDoS) attack, could easily down an entire chat server. This condition would cause all chatrooms hosted on that server to become useless.

    Exploit:

    To exploit this vulnerability the following steps are required:

    1. Log in to any Parachat Chatroom as <username>
    2. Leave the Chatroom page using the methods described above.
    3. Return to the Chatroom page.
    4. Log back in to the Chatroom under a different username.
    5. Repeat steps 2 through 4

    Note: These steps have only been tested with Internet Explorer versions 5.0-6.0



    Yes guys, I found this one. Pretty nasty hole. This has also been posted at Bugtraq. Parachat was notified of this one month ago but they did not respond to my E-mails so it's full disclosure time

  2. #2
    Flash M0nkey
    Join Date
    Sep 2001
    Posts
    3,447
    heh thats a bad bug >_<
    just tried it 3 ghosts in the room in like 10secs - and with an automated attack from several dif comps at the same time they would be screwed - they really should listen when peps point out things like that 2 them

    v_Ln

  3. #3
    AntiOnline Senior Member souleman's Avatar
    Join Date
    Oct 2001
    Location
    Flint, MI
    Posts
    2,884
    I have never used the Parachat system, so I don't know much about it. How much overhead does a zombied user take up? Also, what is the timeout for a zombie user?

    I agree that this is a DoS problem, but you would almost definately have to automate it. I doubt a zombie really takes up that much space, and if you tried to overload the system by hand (ie back button and re-login) by the time the system is overloaded, some of the zombies would have probably timed out.

    Still, its a good post, and I am sure that it can be exploited if done properly...
    \"Ignorance is bliss....
    but only for your enemy\"
    -- souleman

  4. #4
    oblio
    Guest
    this is an old one and certainly not discovered by yourself. I remember this one surfacing in 1997

  5. #5
    Senior Member
    Join Date
    Feb 2002
    Posts
    132
    hey oblio....what's with the green dot and only 1 post??? did you get booted?
    SlackWare my first, Debian my second....building my box into the ultimate weapon

  6. #6
    Originally posted here by valhallen
    heh thats a bad bug >_<
    just tried it 3 ghosts in the room in like 10secs - and with an automated attack from several dif comps at the same time they would be screwed - they really should listen when peps point out things like that 2 them

    Yes they should

    v_Ln

    Originally posted here by souleman
    I have never used the Parachat system, so I don't know much about it. How much overhead does a zombied user take up? Also, what is the timeout for a zombie user?

    I agree that this is a DoS problem, but you would almost definately have to automate it. I doubt a zombie really takes up that much space, and if you tried to overload the system by hand (ie back button and re-login) by the time the system is overloaded, some of the zombies would have probably timed out.

    Still, its a good post, and I am sure that it can be exploited if done properly...
    Zombied users take up quite a bit of overhead because the timeout is 15 MINUTES....this is more than enough time for 2 users to DoS a room by hand....I've seen it done

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides