-----Original Message-----
From: Matt Smith [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, July 31, 2002 11:59 AM
To: '[EMAIL PROTECTED]'
Subject: Parachat DoS Vulnerability

Parachat DoS Vulnerability Synopsis
Written by Matt Smith aka Ratman ([EMAIL PROTECTED])
Contributions by Amy Marie aka DraculaWoman ([EMAIL PROTECTED])
Presented by 12:01 Productions Computer Security and Research Division.

Description:

     Parachat chatroom (http://www.parachat.com) servers have a security
vulnerability that causes the chat client not to disconnect a user from
the chat server if the user leaves the webpage where the room is located
by using the Back or Forward buttons in the web browser in place of the
logoff button.  This allows for "phantom users" to be created in any
Parachat chatroom that will remain present for 15 minutes.  These users
will be registered on the chat server as actual users.

Implications:

These "phantom users" can build up in a chatroom, easily causing a
Denial of Service (DoS) condition when the number of users exceeds the
capacity of a chatroom.  If several computers are involved in the attack,
a chatroom could be flooded to capacity in a matter of minutes.  It is
also conceivable that a program could be written to automate the exploit
steps, making it simple for one computer to cause a DoS condition in a
single chatroom.  It is possible that such a program, when used to
create a Distributed Denial of Service (DDoS) attack, could easily down
an entire chat server.  This condition would cause all chatrooms hosted
on that server to become useless.

Exploit:

To exploit this vulnerability, the following steps are required:

1. Log in to any Parachat Chatroom as <username>.
2. Leave the Chatroom page using the methods described above.
3. Return to the Chatroom page.
4. Log back in to the Chatroom under a different username.
5. Repeat steps 2 through 4.

Note: These steps have only been tested with Internet Explorer versions
5.0-6.0.

Update:  Vulnerability has been patched as of July 31, 2002
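
Added example (not part of the original advisory and not Parachat's code): a small model of server-side presence tracking showing why sessions that never log off fill a room under a 15-minute timeout, and how a short heartbeat timeout plus a per-address session cap keeps the room joinable. The class, the limits, the 30-second timeout and the addresses are assumptions constructed for illustration; only the 15-minute figure comes from the advisory.

```python
# Added example: model of chat-room presence tracking (not Parachat's code).
# All names, limits and timings except the 15-minute figure are assumptions.

class Room:
    def __init__(self, capacity, idle_timeout, per_source_cap=None):
        self.capacity = capacity
        self.idle_timeout = idle_timeout      # seconds allowed without a heartbeat
        self.per_source_cap = per_source_cap  # max live sessions per address
        self.sessions = {}                    # username -> (source, last_seen)

    def reap(self, now):
        """Drop sessions whose client has stopped sending heartbeats."""
        self.sessions = {u: (src, seen) for u, (src, seen) in self.sessions.items()
                         if now - seen < self.idle_timeout}

    def join(self, username, source, now):
        self.reap(now)
        if username in self.sessions:
            return "name-taken"
        if self.per_source_cap is not None:
            live = sum(1 for src, _ in self.sessions.values() if src == source)
            if live >= self.per_source_cap:
                return "source-limit"
        if len(self.sessions) >= self.capacity:
            return "room-full"
        self.sessions[username] = (source, now)
        return "ok"

    def heartbeat(self, username, now):
        """Called while the client page is still open; refreshes last_seen."""
        if username in self.sessions:
            self.sessions[username] = (self.sessions[username][0], now)

    def leave(self, username):
        self.sessions.pop(username, None)


def legit_join_result(room, abandoned=60, interval=5):
    """Constructed scenario: one address leaves `abandoned` sessions without
    logging off, one every `interval` seconds, then a real user tries to join."""
    now = 0
    for i in range(abandoned):
        room.join(f"guest{i}", "198.51.100.7", now)   # no leave(), no heartbeat
        now += interval
    return room.join("alice", "203.0.113.20", now), len(room.sessions)
```

With `Room(50, 900)` the real user is refused because all 50 slots are held by stale sessions; with `Room(50, 30, per_source_cap=3)` the stale sessions are reaped and capped, and the join succeeds.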

