Surfnet 1.31 - CMD_CREDITCARD_CHARGE Denial of Service

Author: Rift_XT
type: dos
platform: windows
port: 
date_added: 2004-01-02 
date_updated: 2012-12-19 
verified: 1 
codes: CVE-2004-1781;OSVDB-16993 
tags: 
aliases:  
screenshot_url:  
application_url: 

source: https://www.securityfocus.com/bid/9348/info

Surfnet is prone to a denial of service vulnerability via the CMD_CREDITCARD_CHARGE command. By issuing this command with malformed arguments, it is possible to crash the software. When the software crashes, it will drop the kiosk user into the underlying operating system.

C:\Surfnet\WWWRoot\CMD_CREDITCARD_CHARGE:Charge=20